locked
Form based auhentication using ISAPI filter RRS feed

  • Question

  • User193335039 posted

    Hi,

    I have to perform form based auhentication using ISAPI filter. When the user enters the username and password in a form and posts it, how do i get the data entered by the user ?

    I cannot use ASP or anything like that. Have to create a custom ISAPI authentication filter for the purpose ?
     

    Thursday, December 27, 2007 6:17 AM

Answers

  • User511787461 posted

    Only way to get it from an ISAPI filter is using SF_NOTIFY_READ_RAW notification which is not supported in worker process isolation mode in IIS6 - also there is no way to set non-windows based authenticated user with an ISAPI filter - you would be much better writing an ISAPI extension and using HSE_REQ_EXEC_URL to set the authenticated user (only available on IIS6 and later) - of couse, using the already available forms auth in asp.net is probably the best/easiest way.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, December 31, 2007 3:44 AM

All replies

  • User-1853252149 posted

    Forms authentication is a function of ASP.NET, not an ISAPI filter.  You could always write an ISAPI filter that sets a cookie or other login token based on login credentials, or you could use Windows authentication, or stuck with ASP.NET forms authentication.  It all depends on what you're trying to accomplish.

    Jeff

    Thursday, December 27, 2007 8:52 AM
  • User193335039 posted

    All i would need is to get the data that has been entered in the form ie. the values entered in the username and password fields.

     

    Thursday, December 27, 2007 9:35 AM
  • User1073881637 posted

    I suggest try not to reinvent the wheel when the .NET framework provides this functionality by default.

    http://samples.gotdotnet.com/quickstart/aspplus/doc/formsauth.aspx

    Friday, December 28, 2007 12:14 AM
  • User193335039 posted

     is there a way in which i can get the data that has been sent as a http post request ?

    POST /index.htm HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Referer: http://test.com/signin.htm
    Accept-Language: en-us
    Content-Type: application/x-www-form-urlencoded
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)
    Host: rsactp112.test.com
    Content-Length: 31
    Connection: Keep-Alive
    Cache-Control: no-cache

    userName=user&userPassword=pass
     

    All i need is to get this string  "userName=user&userPassword=pass"

     

    Monday, December 31, 2007 2:26 AM
  • User511787461 posted

    Only way to get it from an ISAPI filter is using SF_NOTIFY_READ_RAW notification which is not supported in worker process isolation mode in IIS6 - also there is no way to set non-windows based authenticated user with an ISAPI filter - you would be much better writing an ISAPI extension and using HSE_REQ_EXEC_URL to set the authenticated user (only available on IIS6 and later) - of couse, using the already available forms auth in asp.net is probably the best/easiest way.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, December 31, 2007 3:44 AM
  • User193335039 posted

     @anilr

    Thank you. Thats what i was looking for 

    Monday, December 31, 2007 3:58 AM
  • User193335039 posted

    Hi,

    IIS by default does not accept POSTing data to a HTML page. and if any such request comes it gives a 405 error.

    What should i do to make IIS allow POSTing data to a HTML page ?

     

    Thanks & Regards

    Asif 

    Tuesday, January 8, 2008 10:31 AM
  • User511787461 posted

    html files are just static files which are just served as-is, so POSTing to them makes no sense - if your html files actually contains dynamic content, map them to a dynamic script processor and you will be able to configure what verbs you want to support.

    Tuesday, January 8, 2008 1:15 PM