 |
|
|
Hello,
I am new to this Forum and this is my first message i am posting. Apologies, if i am doing anything wrong - wrong post, wrong topic or something of that kind. Direct me to the right place, in case this is not. Tx
My question is - What is the programming language recommended for a good ISAPI filter application ?
My requirements include building an ISAPI filter for authentication towards LDAP for any O/S and any webservers. Have got some details about how to develop an ISAPI filter for Windows & IIS from the previous articles. But cant assess if the filter developed in VC++ will work for Apache running on unix/linux. The filter must be compatible across platforms - Webservers & O/S.
Any help would be greatly appreciated.
Regards,
Franklin
|
|
|
|
|
|
|
I had build a authfilt.dll which the codes got by this site not work on Windows 2003 IIS.
I wonder if there is some speical differences between Windows 2000 and 2003 Server.
I had install and work well the application one Windows 2000 serveral years ago..
I will setup a windows 2000 server to verify it...
If U got some tips about this topic,thanks for anything to mention.
Jackie Hsu 2008/03/19 Taiwan
|
|
|
|
|
|
|
 make sure that you have not Set the flag:
SF_NOTIFY_READ_RAW_DATA
|
|
|
|
|
|
|
I have written an authentication filter which performs non form based Basic authentication. The problem is once the authentication is done the page does not get displayed.
//Code
#include
#include
#include
#include
#define USERNAME "user"
#define PASSWORD "pass"
#define DOMAIN "domain.com"
#define BASIC_HDR "Basic"
#define FOURK_STR_SIZE 4*1024
#define ONEK_STR_SIZE 1024
DWORD WINAPI
HttpFilterProc( PHTTP_FILTER_CONTEXT pfc,
DWORD notificationType,
VOID *pvNotification )
{
struct
{
char userpass[ONEK_STR_SIZE];
char url[ONEK_STR_SIZE];
char cookie[256];
}*head;
unsigned int cookielen;
char domain[ONEK_STR_SIZE];
DWORD urllen = sizeof(head->url);
char str[ONEK_STR_SIZE];
char *user = NULL;
char *pass = NULL;
char szBuffer [ FOURK_STR_SIZE + 1 ] = { 0 };
char *userpass64;
char userpassde[ONEK_STR_SIZE];
char *up1;
unsigned int userpassdelen;
DWORD userpasslen;
HTTP_FILTER_PREPROC_HEADERS *headers = (HTTP_FILTER_PREPROC_HEADERS *) pvNotification;
HTTP_FILTER_SEND_RESPONSE *response = (HTTP_FILTER_SEND_RESPONSE *) pvNotification;
switch(notificationType)
{
case SF_NOTIFY_PREPROC_HEADERS :
OutputDebugString("SF_NOTIFY_PREPROC_HEADERS");
if ( !pfc->pFilterContext )
{
pfc->pFilterContext = pfc->AllocMem( pfc, sizeof ( head ), 0 );
if ( !pfc->pFilterContext )
{
SetLastError( ERROR_NOT_ENOUGH_MEMORY );
return SF_STATUS_REQ_ERROR;
}
}
head = pfc->pFilterContext;
headers->GetHeader( pfc, "url", head->url,&urllen);
headers->GetHeader( pfc, "Authorization:", head->userpass, &userpasslen );
headers->GetHeader( pfc, "Cookie:", head->cookie, &cookielen );
sprintf(str,"url is %s userpass is %s cookie is %s",head->url,head->userpass,head->cookie);
OutputDebugString(str);
sprintf(str,"url length is %d userpass length is %d cookie length is %d",strlen(head->url),strlen(head->userpass), strlen(head->cookie));
OutputDebugString(str);
//break;
case SF_NOTIFY_AUTHENTICATION:
OutputDebugString("SF_NOTIFY_AUTHENTICATION");
if ( !strcmp(head->cookie,"auth=Authenticated") )
{
OutputDebugString("Authentication completed");
OutputDebugString("returning SF_STATUS_REQ_NEXT_NOTIFICATION");
return SF_STATUS_REQ_NEXT_NOTIFICATION;
}
else //No cookie or cookie has auth=NotAuthenticated
{
OutputDebugString("cookie not equals auth=Authenticated");
if(!strlen(head->userpass)==0) //Check whether username and password are being sent
{
OutputDebugString(str);
OutputDebugString(head->userpass);
userpass64 = (char*) malloc (strlen(head->userpass));
userpass64=strchr(head->userpass,' '); //separating the base64 part from the rest of the string
userpass64++;
OutputDebugString(userpass64);
// decoding the base64 username password
b64_decode(userpass64,strlen(userpass64),userpassde,&userpassdelen); // Decoded string is stored in userpassde
OutputDebugString(userpassde);//Output will be user:pass
up1 = (char*) malloc (strlen(userpassde));
strcpy(up1,userpassde);
OutputDebugString(up1);
user=strtok(userpassde,":");//Copy user into a string
OutputDebugString(user);
pass=strchr(up1,':');//Copy pass into a string
pass++;//Remove : from the string
OutputDebugString(pass);
if( !strcmp( user, USERNAME ) && !strcmp( pass, PASSWORD ) )
{
//Every thing is perfect
OutputDebugString("All conditions satisfied");
pfc->AddResponseHeaders(pfc,"Set-Cookie: auth=Authenticated; path=/;\r\n", 0);
OutputDebugString("returning SF_STATUS_REQ_NEXT_NOTIFICATION");
return SF_STATUS_REQ_NEXT_NOTIFICATION;
}
}
//All conditions have failed
OutputDebugString("Wrong Username or password");
sprintf(domain, "WWW-Authenticate: Basic realm=\"%s\"\r\n", DOMAIN);
pfc->AddResponseHeaders(pfc,"Set-Cookie: auth=NotAuthenticated; path=/;\r\n", 0);
pfc->ServerSupportFunction( pfc, SF_REQ_SEND_RESPONSE_HEADER,
(PVOID) "401 Unauthorized",
(DWORD) domain,
(DWORD) NULL );
OutputDebugString("returning SF_STATUS_REQ_FINISHED_KEEP_CONN");
return SF_STATUS_REQ_FINISHED_KEEP_CONN;
}
break;
default:
break;
}
return SF_STATUS_REQ_NEXT_NOTIFICATION;
}
Debug Output :
00000000 1:06:18 PM [5924] SF_NOTIFY_PREPROC_HEADERS
00000001 1:06:18 PM [5924] url is /index.htm userpass is cookie is
00000002 1:06:18 PM [5924] url length is 10 userpass length is 0 cookie length is 0
00000003 1:06:18 PM [5924] SF_NOTIFY_AUTHENTICATION
00000004 1:06:18 PM [5924] cookie not equals auth=Authenticated
00000005 1:06:18 PM [5924] Wrong Username or password
00000006 1:06:18 PM [5924] returning SF_STATUS_REQ_FINISHED_KEEP_CONN
00000007 1:06:23 PM [5924] SF_NOTIFY_PREPROC_HEADERS
00000008 1:06:23 PM [5924] url is /index.htm userpass is Basic dXNlcjpwYXNz cookie is auth=NotAuthenticated
00000009 1:06:23 PM [5924] url length is 10 userpass length is 18 cookie length is 21
00000010 1:06:23 PM [5924] SF_NOTIFY_AUTHENTICATION
00000011 1:06:23 PM [5924] cookie not equals auth=Authenticated
00000012 1:06:23 PM [5924] url length is 10 userpass length is 18 cookie length is 21
00000013 1:06:23 PM [5924] Basic dXNlcjpwYXNz
00000014 1:06:23 PM [5924] dXNlcjpwYXNz
00000015 1:06:23 PM [5924] user:pass
00000016 1:06:23 PM [5924] user:pass
00000017 1:06:23 PM [5924] user
00000018 1:06:23 PM [5924] pass
00000019 1:06:23 PM [5924] All conditions satisfied
00000020 1:06:23 PM [5924] returning SF_STATUS_REQ_NEXT_NOTIFICATION
imazing
|
|
|
|
|
|
|
How do I install an ISAPI filter on ISA server?
|
|
|
|
|
|
|
Hi, I am wondering whether anyone has tried to write ISAPI filter for WSS using servervariables. I would like to get some sample code that I can extend to user account filter.
Thanks in advance,
sarma pisapati
sarma@pisapati.com
|
|
|
|
|
|
|
Please suggest how to extract the client IP address using ISAPI filters. The REMOTE_ADDR in getservervariable only shows the address of the domain from which the request is coming and not the client IP address.
Kamal
|
|
|
|
|
|
|
I want to extract the session id of the client with the IIS server without using the cookies as the cookies could be disabled by the user.
Kamal
|
|
|
|
|
|
|
|
|
|
Hi i have followed a all the steps and tried to execute the dll it does not work. I only 405 error. can anyone help me
|
|
|
|
|
|
|
Is there a wau to call this from my own server app like:
I included the files in my app and then...
BOOL CHTTPServer::ParseRequest(string szRequest, string &szResponse, BOOL &bKeepAlive)
{
CAuthFilter theFilter;
........
}
I tried this but got a NTDLL.DLL access violation
??
|
|
|
|
|
|
|
I just compiled this project in the .NET IDE and installed in the IIS. It is showing a Red down arrow in the status and things not working.
But installing the .dll provided here straight away is working.
I have not made any changes.
T. Udhaya moorthi
Web Administrator
www.dinakaran.com
229, Kutchery Road,
Mylapore
Chennai
Tamil nadu - 600004
India
Ph: Off: 91-44-24956031
Res: 91-44-24956057
Mobile: 91-44-31067766
Email: karanmedia@eth.net
Yahoo ID: udhayamoorthi@yahoo.com
MSN ID : umoorthi@hotmail.com
Online : 10:00am to 1:00pm AND 5:00pm to 8:00pm (IST)
Visit : http://www.dinakaran.com for News in Tamil
|
|
|
|
|
|
|
The same thing happened to me. After much frustration I finally figured out that I had not changed the path in AuthFilt.h (#define USER_LIST_FILE) At least that got it gegistered and running as a filter. Now I am having other problems
|
|
|
|
|
|
|
hi,
my problem goes this:
1. I call a HTML in a directory which need authentication(can't anonymous),
then the authentication dialog pop up.
2. I fill in the correct NTusername and NTpassword,the HTML page opened.
3. I found OnAuthentication Function called, but pAuthen->pszUser and pAuthent->pszPassword is always null.
why I can't get the parameters??
also, if I fill in the user/password (not NT), I can't opened the HTML page,
are they not maped to NT user/password????
help me, waiting now....
|
|
|
|
|
|
|
Can I use HTML form(post method) to athenticate using ISAPI filter?
(I don't like to see Basic athentication window)
|
|
|
|
|
|
|
this is for basic authentication.
if you use HTML form, so authenticate it by yourself, that mean you don't use the NT authentication method.
|
|
|
|
|
|
|
The code in this article runs very well. I was able to use it as a base for a slightly more complicated authentication scheme. Once it was used on a live server, however, I found one glaring problem with the OnLog function. I believe that when more than one request is processed at a time by the ISAPI authentication filter, the shared memory in the form of the pCtxt->m_pFC->pFilterContext string is causing concurrency issues. It's nice how it was coded to add the cleartext login along with the NT login to the IIS log file, but here's a small piece of what I found in the log files shortly before the web server crashed:
10:02:54 192.168.0.2 - 192.168.0.1 80 GET /Default.htm - 401 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) -
10:02:59 192.168.0.2 glass (mgr) 192.168.0.1 80 GET /Default.htm - 304 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) -
10:02:59 192.168.0.2 glass (mgr) (mgr) 192.168.0.1 80 GET /inc/script.js - 304 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) http:10:02:59 192.168.0.2 glass (mgr) (mgr) (mgr) 192.168.0.1 80 GET /inc/style.css - 304 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) http:
This eventually ended up with a log entry that looked something like:
10:02:59 192.168.0.2 (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) (mgr) 192.168.0.1 80 GET /inc/style.css - 304 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) http:
Apparently, the NT username is being appended multiple times, which would indicate the allocated memory for pCtxt->m_pFC->pFilterContext is being used more than it should be. Since it's easy to tell what the NT login is from the text file, I just commented out the part that appends the NT login to the username in the OnLog function:
if ( pCtxt->m_pFC->pFilterContext )
{
CHAR *pch = (CHAR *)pCtxt->m_pFC->pFilterContext;
pLog->pszClientUserName = pch;
}
This solved my problem, and others who plan on using this may want to consider making this adjustment as well.
tony@tonyandjen.net
|
|
|
|
|
|
|
Hello,
I am trying to access the Session ID of the IIS web server using ISAPI. Is this possible ?
Best Regards,
Ajith.
|
|
|
|
|
|
|
If I am not mistaken the session ID is stored as a cookie in the header. So to access it is a simple task. I think its like this:
COOKIE:ASPSESSIONIDGQGQGLAY=NCINDOFBBKBIGEPKCFBONKDN
Regards
Taliesin
|
|
|
|
|
|
|
Hello, everyone. I have a question. I hope you have an answer.
If a client and IIS are in one domain (local network), is it possible to get the client's WinNT account from within ISAPI filter, without prompting to enter name and password? How can I retrieve the user account name that now works at computer with known IP address? May be via Active Directory or what? Has anyone solved this problem.
Thanks.
Jesse
|
|
|
|
|
|
|
Hi, I'm looking for a sample ISAPI filter which asks a Web service
(or any HTTP address) to obtain some data from a central server.
I want to build an ISAPI filter for several web servers (which are
spread on different internet domains), and these servers shall provide
a SingleSignOn, by sending UserID+password to the central server which
responds with a session ticket.
(I do not want to use Kerberos, because it *must* use the standard HTTP port.)
Thanks in advance! Thorsten (thorsten@3sprenger.de)
|
|
|
|
|
|
|
I am using IIS 5.1.
I implement OnAuthentication and only turn on basic authentication.
Although I am prompted 3 times for a password at the client end, here is a trace of what the server sees:
Starting Filter
1: -
1: -
1: -
1: -
1: -
1: -
1: -
1: -
1: -
1: -
Ending Filter
Where I would be expecting to get 1: user-password.
The password just does not seem to be getting through to the filter.
Any ideas?
|
|
|
|
|
|
|
I have the same problem with you,
I can't get the user name and password which inputed from the client?
In OnAthentication fuction:
pAuthent->pszUser, pAuthent->pszPassword are always null.
why?
|
|
|
|
|
|
|
Hi all
i am also facing same problem. i think OnAuthentication function not doing any thing. Really this not allowing us to Authenticate users. Even i remove the user from userdb.txt file but filter is allowing to access the page.
please help me out from that problem.
Regards
Asim
|
|
|
|
|
|
|
Is it possible to install an ISAPI Filter for Personal Web Server?
Thanks
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin