Custom Authentication and Basic understanding


Custom authentication lets us write our own module and set the page user (HttpContext.User).

Custom Authentication




Problem Scenario


How does custom authentication Work



Little understanding on authentication

The ASP.NET worker process uses many HttpModules to perform different types of authentication. The correct HttpModule is loaded based on the web.config entry. By default there are three HttpModules in the machine.config file. Please see the following default entries in the machine.config file.



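<httpModules>
    <add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>
    <add name="Session" type="System.Web.SessionState.SessionStateModule"/>
    <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>
    <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
    <add name="PassportAuthentication" type="System.Web.Security.PassportAuthenticationModule"/>
    <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"/>
    <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule"/>
</httpModules>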




These authentication modules are responsible for creating an IPrincipal object and storing it in the HttpContext.User property. This property is used to make authorization decisions.


What is required to make custom authentication work


step 1: Write our own HttpModule and hook a custom handler to the AuthenticateRequest event.
step 2: Create an IPrincipal object and store it in the HttpContext.User property. Creating the IPrincipal object ourselves gives the developer the flexibility to change the ASP.NET page user (HttpContext.User) based on a business rule.
step 3: Add a Web.config entry for the custom HttpModule, inside the httpModules section.



<add name="CustomAuthentication" type="Namespace.CustomHttpModuleName, AssemblyName" />



step 4: Write your own HttpModule.


using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Security.Principal;

/// <summary>
/// Custom authentication module: replaces HttpContext.User with a principal
/// built by the application.
/// </summary>
public class CustomAuthentication : IHttpModule
{
    private HttpApplication httpApp;

    public void Init(HttpApplication httpApp)
    {
        this.httpApp = httpApp;
        // Hook the custom handler to the AuthenticateRequest event (step 1).
        // Without this subscription OnAuthentication is never called.
        httpApp.AuthenticateRequest += new EventHandler(OnAuthentication);
    }

    void OnAuthentication(object sender, EventArgs a)
    {
        string UserName = string.Empty;
        HttpContext httpContext = null;

        try
        {
            httpContext = HttpContext.Current;

            // User is null when no earlier authentication module has set it.
            if (httpContext.User != null && httpContext.User.Identity != null)
            {
                UserName = httpContext.User.Identity.Name;
            }
            // TODO:
            // UserName =
            // Write some business logic to authenticate the user against your application or whatever else is required.

            if (!string.IsNullOrEmpty(UserName))
            {
                IIdentity customIdentity = new GenericIdentity(UserName);
                // Passing null for roles creates a principal that is in no role.
                IPrincipal customPrincipal = new GenericPrincipal(customIdentity, null);
                httpContext.User = customPrincipal;
            }
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Exception handling
        }
        catch (Exception)
        {
            // Exception handling. If the business check throws, the request
            // continues with whatever principal the earlier module set, so
            // decide explicitly whether to log and reject the request here.
        }
    }

    public void Dispose()
    { }
}
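The business rule from step 2 and the authorization decision that is later taken from HttpContext.User can be tried outside the pipeline. The following is an added example, not code from the original article: the class name PrincipalFactory, its methods, the role names and the CORP\ user names are hypothetical, and the role store is constructed sample data. It uses only System.Security.Principal, so it runs as a console program, and Build is what a module's OnAuthentication handler would assign to HttpContext.User.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class PrincipalFactory
{
    // Constructed sample data standing in for the application's user store (hypothetical).
    static readonly Dictionary<string, string[]> RoleStore =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CORP\alice", new[] { "Admin", "Reports" } },
            { @"CORP\bob",   new[] { "Reports" } },
        };

    // Business rule: only names known to the application get an authenticated
    // principal. Anything else fails closed to an unauthenticated identity.
    public static IPrincipal Build(string authenticatedName)
    {
        string[] roles;
        if (string.IsNullOrEmpty(authenticatedName) ||
            !RoleStore.TryGetValue(authenticatedName, out roles))
        {
            // A GenericIdentity with an empty name reports IsAuthenticated == false.
            return new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
        }
        return new GenericPrincipal(new GenericIdentity(authenticatedName, "Custom"), roles);
    }

    // The kind of decision later pipeline stages and pages make from HttpContext.User.
    public static bool MayAccess(IPrincipal user, string requiredRole)
    {
        return user != null && user.Identity.IsAuthenticated && user.IsInRole(requiredRole);
    }

    public static void Main()
    {
        // Two known users, one unknown user and an empty name (all constructed).
        foreach (string name in new[] { @"CORP\alice", @"CORP\bob", @"CORP\carol", "" })
        {
            IPrincipal user = Build(name);
            Console.WriteLine("{0,-12} authenticated={1,-5} Admin={2,-5} Reports={3}",
                name.Length == 0 ? "(empty)" : name,
                user.Identity.IsAuthenticated,
                MayAccess(user, "Admin"),
                MayAccess(user, "Reports"));
        }
    }
}
```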


