Pluggable security mechanism?

O

oliver.wulff

I'm wondering if it is possible in .NET to plug-in a custom authentication
& authorization mechanism. So, that IIS applications and Webservice would
be authenticated against this custom authentication & authorization
implementation. This implementation would authenticate a user with a
password and deliver the roles of this user in this application
(configurable application id).
Thanks a lot for your hints!
Oliver
 
J

Jan Tielens

Check out this WSE article:
http://tinyurl.com/2gtxy
Using Role-Based Security with Web Services Enhancements 2.0
Ingo Rammer
Independent Consultant and Developer

September 2003

Applies to:
Microsoft® .NET Framework
Web Services Enhancements 2.0 for Microsoft® .NET
WS-Policy specification

Summary: How to use Web Services Enhancements 2.0 for Microsoft .NET (WSE
2.0) to integrate X.509-based WS-Security authentication with role-based
security features in the Microsoft .NET Framework. Highlights the use of
WS-Policy in WSE 2.0 to greatly simplify tasks. (26 printed pages)
 
P

Peter Rilling

Probably.

If you look in the machine.config file, IIS is configured security
mechanisms that are programmed as HttpModule components.

<httpModules>
<add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
<add name="WindowsAuthentication"
type="System.Web.Security.WindowsAuthenticationModule"/>
<add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModule"/>
<add name="PassportAuthentication"
type="System.Web.Security.PassportAuthenticationModule"/>
<add name="UrlAuthorization"
type="System.Web.Security.UrlAuthorizationModule"/>
<add name="FileAuthorization"
type="System.Web.Security.FileAuthorizationModule"/>
<add name="ErrorHandlerModule"
type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</httpModules>

So if you can figure out how these work, you should be able to write your
own.
 
O

oliver.wulff

I can write an event handler for AuthenticateRequest of IHttpModule. But
I'm not sure whether I can implement the authentication code in this event
handler or the event is just fired after successful authentication.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to effectively develop a web application from scratch? 0
Web Service Security....sigh 1
Web service security 1
Login mechanism for web apps 3
security... 0
location path not functioning within web.config -- no images/css 0
role-based security and ActiveDirectory 18
WCF vs Web Service Security 0

Staff online

Members online

Total: 33 (members: 2, guests: 31)
Robots: 356

Forum statistics

Threads
473,767
Messages
2,569,571
Members
45,045
Latest member
DRCM

Latest Threads

Top