Custom authentication at the URL level, use ISAPI still with .NET or is there a new way?
-
21-08-2019 - |
Question
Is there a non-IIS way of authenticating users that is not with HTML?
I know I can create my own ISAPI filter for IIS, but I want to achieve the same thing, with .NET code and not integrate it with IIS.
Is there a way to do this now, with the latest .NET, or is ISAPI still the way to go?
Solution
If you want to apply your custom authentication for all contents, an ISAPI extension is required for IIS 5/6/7.
Greg's way only works for ASP.NET content on IIS 5/6. However, if you understand the Integrated Pipeline feature of IIS 7 well, you can configure an ASP.NET HTTP module like Greg's to apply to all contents.
MSDN and IIS.net can provide me more details if you do a search further.
OTHER TIPS
You can use an IHttpModule
to do this type of thing, e.g.
public class AuthModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.AuthenticateRequest += OnAuthenticateRequest;
context.AuthorizeRequest += OnAuthorizeRequest;
}
private static void OnAuthenticateRequest(object sender, EventArgs e)
{
// authenticate the user here...
// (note that the sender argument is an HttpApplication instance)
}
private static void OnAuthorizeRequest(object sender, EventArgs e)
{
// ...then authorize their attempted action here, if needed
}
}