locked
How to write a httpmodule to handle authentication, please help. RRS feed

  • Question

  • User-842092983 posted

    I need the module to handle webdav call, but since it is just http call, I think it is a general question about how to authenticate user.

    If I create webdav folder on IIS, I can turn on basic authentication or window integrated authentication.

    But my webdav is a virtual one, I use a httpmodule to handle user request. So I need handle the authentication too.

    My question is how to create a httpmodule to capture the basic authentication or window integrated authentication request from client side ( most likely the request will come from "Microsoft Data Access Internet Publishing Provider DAV or "Microsoft-WebDAV-MiniRedir/5.1.2600")

    thanks

    Thursday, October 26, 2006 1:31 PM

Answers

  • User763059395 posted
    No that is the Authorization for everything.  No matter what ASP.NET application you put together it has to go through this method.  You can try using the Authentication event to suppress this windows authentication box if you wish, but you cannot get to any handler including ASPX pages with out first going through these methods.  If it happens before even the BeginRequest event happens then the process is happening outside of ASP.NET and you should probably ask your question in an IIS forum.
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, October 27, 2006 2:18 PM

All replies

  • User763059395 posted
    What you are really asking is not an authentication issue it is an authorization issue.  The following code should get you started (I took this from an example of my own project at ManagedFustion PortalModule): 
    	public class PortalModule : IHttpModule
    {
    #region IHttpModule Members

    /// <summary>Initializes a module and prepares it to handle requests.</summary>
    /// <param name="application">An <see cref="System.Web.HttpApplication"/> that provides access to the methods, properties, and events common to all application objects within an ASP.NET application.</param>

    public void Init (HttpApplication application)
    {
    application.AuthorizeRequest += new EventHandler(Application_AuthorizeRequest);
    }

    /// <summary>Disposes of the resources (other than memory) used by the module that implements <b>IHttpModule</b>.</summary>
    /// <remarks><b>Dispose</b> performs any final cleanup work prior to removal of the module from the execution pipeline.</remarks>

    public void Dispose ()
    {
    }

    #endregion

    private void
    Application_AuthorizeRequest(object sender, EventArgs e)
    {
    HttpContext Context = ((HttpApplication)sender).Context;
    IPrincipal myUser = Context.User;
    // use the myUser object to figure out if they are authenticted
    }
    }
     
    Friday, October 27, 2006 9:56 AM
  • User-842092983 posted

    Thanks.

     That is a normal webpage autorization. I am working on a webdav. When you turn on webdav on your site, you can choose "basic authentication" or "integrated window authentication". When user connect the folder, a window will show to ask for username and password, just like when you login to window. I want to handle those. 

    Friday, October 27, 2006 2:14 PM
  • User763059395 posted
    No that is the Authorization for everything.  No matter what ASP.NET application you put together it has to go through this method.  You can try using the Authentication event to suppress this windows authentication box if you wish, but you cannot get to any handler including ASPX pages with out first going through these methods.  If it happens before even the BeginRequest event happens then the process is happening outside of ASP.NET and you should probably ask your question in an IIS forum.
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, October 27, 2006 2:18 PM