views:

230

answers:

2

i don´t think so.. but is it possible to retrieve the NetworkCredentials from HttpContext.Current.Request (e.g. in a WebService-method) which where used to call the web-site hosting my webservice?

A: 

I´ve found a possible solution: http://msdn.microsoft.com/en-us/library/ms996415.aspx

..even if i can not deactivate anonymous access in my scenario :-(

krile
A: 

If you let IIS do the authentication stuff, IIS will validate against its own credentials store (local or Active Directory), and just let you know if the user is authentication and its user name, and never the password.

If you want to implement basic authentication with any other credentials (e. g. password (hashes) in a custom database), in IIS6 you would have to disable basic authentication in IIS, allow anonymous access, and implement e. g. your own HttpHandler for authentication that can return 403 and 401 status codes as needed.

On IIS7, you could implement a custom authentication module and configure it from the IIS7 console.

For both cases, this project might be a good start: http://www.codeplex.com/CustomBasicAuth

markus