Introduction:
In this article, I am going to explain how to perform custom authorization using Windows authentication.
Main:
Regardless of the IIS version, the basic HTTP request pipeline model has two core mechanisms for handling requests: HttpModules and HttpHandlers. ASP.NET uses those two mechanisms to process incoming ASP.NET requests, generate a response, and return that response to the client.
Modules and handlers allow us to plug into the request-processing pipeline at different points and interact with the actual requests being processed by IIS.
ASP.NET passes each incoming request through a layer of preprocessing HttpModules in the pipeline. ASP.NET allows multiple modules to exist in the pipeline for each request. After the incoming request has passed through each module, it is passed to the HttpHandler, which serves the request. Notice that although a single request may pass through many different modules, it can be processed by one handler only. The handler is generally responsible for creating a response to the incoming HTTP request. After the handler has completed execution and generated a response, the response is passed back through a series of post-processing modules, before it is returned to the client.
Here we are going to create a custom HTTP module that performs custom authorization:
/// <summary>
/// Called when the module is attached to an application instance; subscribes this
/// module's handler to the application's <c>AuthenticateRequest</c> event.
/// </summary>
/// <param name="r_local_senderlication">The application object whose event is subscribed to.</param>
public void Init(HttpApplication r_local_senderlication)
{
    // Build the delegate first, then attach it, so the subscription reads as one step.
    EventHandler onAuthenticate = new EventHandler(this.AuthenticateRequest) ;
    r_local_senderlication.AuthenticateRequest += onAuthenticate ;
}
/// <summary>
/// Releases resources held by the module. Nothing is released here because the
/// visible code acquires nothing that needs cleanup.
/// </summary>
public void Dispose()
{
    // Intentionally empty: no resources to release.
}
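/// <summary>
/// Handles the application's <c>AuthenticateRequest</c> event: reads the "userid" and
/// "password" request values, resolves the caller's roles, and only on success
/// installs a <see cref="GenericPrincipal"/> as the user of the current request.
/// </summary>
/// <param name="r_objSender">The <see cref="HttpApplication"/> that raised the event.</param>
/// <param name="r_objEventArgs">Event data; not used.</param>
private void AuthenticateRequest(object r_objSender,
    EventArgs r_objEventArgs)
{
    HttpApplication local_sender = (HttpApplication) r_objSender ;
    HttpContext objContext = local_sender.Context ;

    // NOTE(review): the Request indexer searches QueryString, Form, Cookies and
    // ServerVariables. A password sent in the query string ends up in server logs,
    // browser history and Referer headers; accept credentials only from a POST body
    // over TLS, or rely on the host's own authentication instead.
    string userid = local_sender.Request["userid"] ;
    string password = local_sender.Request["password"] ;

    if ((userid == null) || (password == null))
    {
        objContext.Response.Write("<H1>Credentials not provided</H1>") ;
        objContext.Response.End() ;
        // Response.End() normally aborts the thread, but it does not do so in every
        // hosting situation; return explicitly so the null values are never used below.
        return ;
    }

    string[] strRoles = AuthenticateAndGetRoles(userid, password) ;
    if ((strRoles == null) || (strRoles.Length == 0))
    {
        // NOTE(review): the response keeps its default status code here; consider
        // setting an explicit 401/403 so clients and monitoring can see the failure.
        objContext.Response.Write("<H1>We are sorry but we could not find this user id and password in our database</H1>") ;
        local_sender.CompleteRequest() ;
        // CompleteRequest() only tells the pipeline to skip ahead; it does not leave
        // this method. Without this return, the code below would still attach an
        // authenticated identity for a caller whose credentials were rejected.
        return ;
    }

    // Credentials were accepted: replace the request's user with an identity that
    // carries the resolved roles.
    GenericIdentity objIdentity = new GenericIdentity(userid, "CustomAuthentication") ;
    objContext.User = new GenericPrincipal(objIdentity, strRoles) ;
}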
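/// <summary>
/// Checks a user id / password pair against the built-in sample accounts and returns
/// the roles of the matching account.
/// </summary>
/// <param name="r_strUserID">User id supplied by the caller; may be null.</param>
/// <param name="r_strPassword">Password supplied by the caller; may be null.</param>
/// <returns>
/// A one-element role array for a matching account, or <c>null</c> when nothing
/// matches (including when either argument is null).
/// </returns>
/// <remarks>
/// NOTE(review): the accounts and plaintext passwords are compiled into the assembly.
/// That is acceptable only as a demonstration. A real implementation should look the
/// user up in a credential store that keeps salted password hashes (for example
/// PBKDF2) and should compare the derived values in constant time.
/// </remarks>
private string[] AuthenticateAndGetRoles(string r_strUserID,
    string r_strPassword)
{
    // The static string.Equals is null-safe, so a null argument yields "no match"
    // instead of a NullReferenceException. Ordinal comparison matches the original
    // case-sensitive behaviour.
    if (string.Equals(r_strUserID, "James", StringComparison.Ordinal) &&
        string.Equals(r_strPassword, "NetPrgHelp", StringComparison.Ordinal))
    {
        return new string[] { "Administrator" } ;
    }

    if (string.Equals(r_strUserID, "Peter", StringComparison.Ordinal) &&
        string.Equals(r_strPassword, "Ann", StringComparison.Ordinal))
    {
        return new string[] { "User" } ;
    }

    return null ;
}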
}
}
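/// <summary>
/// Subscribes this module's handler to the application's <c>AuthenticateRequest</c> event.
/// </summary>
/// <param name="r_local_senderlication">The application object whose event is subscribed to.</param>
public void Init(HttpApplication r_local_senderlication)
{
    // Register our event handler with Application object.
    r_local_senderlication.AuthenticateRequest +=
        new EventHandler(this.AuthenticateRequest) ;
}

/// <summary>
/// Releases module resources; there are none to release.
/// </summary>
public void Dispose()
{
    // Left blank because we don't have to do anything.
}

/// <summary>
/// Reads the "userid" and "password" request values, resolves the caller's roles and,
/// only on success, installs a <see cref="GenericPrincipal"/> as the request's user.
/// </summary>
/// <param name="r_objSender">The <see cref="HttpApplication"/> that raised the event.</param>
/// <param name="r_objEventArgs">Event data; not used.</param>
private void AuthenticateRequest(object r_objSender,
    EventArgs r_objEventArgs)
{
    HttpApplication local_sender = (HttpApplication) r_objSender ;
    HttpContext objContext = local_sender.Context ;

    // NOTE(review): the Request indexer also reads the query string and cookies; a
    // password passed in the URL is written to logs and browser history.
    string userid = local_sender.Request["userid"] ;
    string password = local_sender.Request["password"] ;

    if ((userid == null) || (password == null))
    {
        objContext.Response.Write("<H1>Credentials not provided</H1>") ;
        objContext.Response.End() ;
        // Return explicitly so the null values are never dereferenced below.
        return ;
    }

    string[] strRoles = AuthenticateAndGetRoles(userid, password) ;
    if ((strRoles == null) || (strRoles.Length == 0))
    {
        objContext.Response.Write("<H1>We are sorry but we could not find this user id and password in our database</H1>") ;
        local_sender.CompleteRequest() ;
        // CompleteRequest() does not leave this method; without the return a rejected
        // caller would still receive an authenticated identity.
        return ;
    }

    GenericIdentity objIdentity = new GenericIdentity(userid, "CustomAuthentication") ;
    objContext.User = new GenericPrincipal(objIdentity, strRoles) ;
}

/// <summary>
/// Checks a user id / password pair against the built-in sample accounts.
/// </summary>
/// <param name="r_strUserID">User id supplied by the caller; may be null.</param>
/// <param name="r_strPassword">Password supplied by the caller; may be null.</param>
/// <returns>The matching account's roles, or <c>null</c> when nothing matches.</returns>
/// <remarks>
/// NOTE(review): hard-coded plaintext credentials are for demonstration only; use a
/// credential store with salted password hashes in real code.
/// </remarks>
private string[] AuthenticateAndGetRoles(string r_strUserID,
    string r_strPassword)
{
    // Null-safe, case-sensitive comparison.
    if (string.Equals(r_strUserID, "James", StringComparison.Ordinal) &&
        string.Equals(r_strPassword, "NetPrgHelp", StringComparison.Ordinal))
    {
        return new string[] { "Administrator" } ;
    }

    if (string.Equals(r_strUserID, "Peter", StringComparison.Ordinal) &&
        string.Equals(r_strPassword, "Ann", StringComparison.Ordinal))
    {
        return new string[] { "User" } ;
    }

    return null ;
}
}
}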
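Set the authentication mode to "Windows" in the configuration file (the article says app.config; for an ASP.NET web application this is normally web.config):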
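<!-- The mode value is case-sensitive: use "Windows", not "windows". This element belongs inside <system.web>. -->
<authentication mode="Windows"/>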
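<!-- The mode value is case-sensitive: use "Windows", not "windows". -->
<authentication mode="Windows"/>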
conclusion:
Hope this helps,
Happy coding.