Custom authentication at the URL level, use ISAPI still with .NET or is there a new way?

StackOverflow https://stackoverflow.com/questions/508640

  •  21-08-2019
  •  | 
  •  

Question

Is there a non-IIS way of authenticating users that is not with HTML?

I know I can create my own ISAPI filter for IIS, but I want to achieve the same thing, with .NET code and not integrate it with IIS.

Is there a way to do this now, with the latest .NET, or is ISAPI still the way to go?

Was it helpful?

Solution

If you want to apply your custom authentication for all contents, an ISAPI extension is required for IIS 5/6/7.

Greg's way only works for ASP.NET content on IIS 5/6. However, if you understand the Integrated Pipeline feature of IIS 7 well, you can configure an ASP.NET HTTP module like Greg's to apply to all contents.

MSDN and IIS.net can provide me more details if you do a search further.

OTHER TIPS

You can use an IHttpModule to do this type of thing, e.g.

public class AuthModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += OnAuthenticateRequest;
        context.AuthorizeRequest += OnAuthorizeRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        // authenticate the user here...
        // (note that the sender argument is an HttpApplication instance)
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        // ...then authorize their attempted action here, if needed
    }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top