tags:

views:

330

answers:

2
Q: 

Custom authentication at the URL level, use ISAPI still with .NET or is there a new way?

Is there a non-IIS way of authenticating users that is not with HTML?

I know I can create my own ISAPI filter for IIS, but I want to achieve the same thing, with .NET code and not integrate it with IIS.

Is there a way to do this now, with the latest .NET, or is ISAPI still the way to go?

A: 

You can use an IHttpModule to do this type of thing, e.g.

public class AuthModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += OnAuthenticateRequest;
        context.AuthorizeRequest += OnAuthorizeRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        // authenticate the user here...
        // (note that the sender argument is an HttpApplication instance)
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        // ...then authorize their attempted action here, if needed
    }
}
Greg Beech  2009-02-03 20:08:48
Why the down-vote? This is the way to do it with .NET; particularly with IIS7. If you're down-voting, please leave a comment as to why, and what you believe the 'correct' method is.
Greg Beech  2009-02-08 23:36:41
OK, I wanted to roll it back, but seems that I could not make any change now.
Lex Li  2009-06-05 23:33:35
+1  A: 

If you want to apply your custom authentication for all contents, an ISAPI extension is required for IIS 5/6/7.

Greg's way only works for ASP.NET content on IIS 5/6. However, if you understand the Integrated Pipeline feature of IIS 7 well, you can configure an ASP.NET HTTP module like Greg's to apply to all contents.

MSDN and IIS.net can provide me more details if you do a search further.

Lex Li  2009-02-08 06:25:28

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication