1

Is there a non-IIS way of authenticating users that is not with HTML?

I know I can create my own ISAPI filter for IIS, but I want to achieve the same thing, with .NET code and not integrate it with IIS.

Is there a way to do this now, with the latest .NET, or is ISAPI still the way to go?

Jason
  • 16,739
  • 23
  • 87
  • 137

2 Answers2

1

If you want to apply your custom authentication for all contents, an ISAPI extension is required for IIS 5/6/7.

Greg's way only works for ASP.NET content on IIS 5/6. However, if you understand the Integrated Pipeline feature of IIS 7 well, you can configure an ASP.NET HTTP module like Greg's to apply to all contents.

MSDN and IIS.net can provide me more details if you do a search further.

Lex Li
  • 60,503
  • 9
  • 116
  • 147
0

You can use an IHttpModule to do this type of thing, e.g.

public class AuthModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += OnAuthenticateRequest;
        context.AuthorizeRequest += OnAuthorizeRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        // authenticate the user here...
        // (note that the sender argument is an HttpApplication instance)
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        // ...then authorize their attempted action here, if needed
    }
}
Greg Beech
  • 133,383
  • 43
  • 204
  • 250
  • Why the down-vote? This is the way to do it with .NET; particularly with IIS7. If you're down-voting, please leave a comment as to why, and what you believe the 'correct' method is. – Greg Beech Feb 08 '09 at 23:36
  • OK, I wanted to roll it back, but seems that I could not make any change now. – Lex Li Jun 05 '09 at 23:33