AuthenticateRequest in Global.asax and a custom HTTP Module

[Leslie]

I am writing a web services application, using basic authentication.
However, I need to authenticate against user setting up in our database. So,
I need to write my own code to authenticate users.

I think that I could put my authentication code in AuthenticateRequest event
in either Global.asax or in a custom HTTP module. However, I don't know what
is the difference between them. And is there any implication if I make the
choice of one way or the other?

Any helps would be appreciated. Thanks.

 

[Brock Allen]

I think that I could put my authentication code in AuthenticateRequest

event in either Global.asax or in a custom HTTP module. However, I
don't know what is the difference between them. And is there any
implication if I make the choice of one way or the other?

Authentication is done in your custom login page. Once you are confident
the user has provided proper credentials you then want to call FormsAuthentication.SetAuthCookie
or FormsAuthentication.RedirectFromLoginPage. This will issue a cookie that
will identify the user.

So, in short, you just need to build the login page.

 

[Leslie]

Thanks for helpine me here. If I understand you correctly, I think you are
talking about form authentication. However, since I am writing a web service
application, I can't use this approach. That is why I am thinking to use
AuthenticateRequest from either the Blobal.asax or a custom HTTP module. But
I am not sure about the difference of these two. Do you know?

 

[Dominick Baier [DevelopMentor]]

Hello Leslie,

the difference of global.asax and a httpModule is packaging. the module is
a dll (which can be potentially shared or GACed) - global.asax is always
local to that one app.

But if you are using WebServices - you should consider using WSE with UsernameTokens
- i don't think you should roll your own authentication scheme!