Click here to Skip to main content
Click here to Skip to main content

Authentication at the IIS Level

, 6 Sep 2011
Rate this:
Please Sign up or sign in to vote.
This post talks about the authentication procedure that can be done in IIS.

Introduction

This post basically explains how an authentication can happen at the IIS level.

Background

It all happened when I interviewed a guy with quite a good amount of experience, I then noted that many experienced guys lacked the so called basics. I remember asking him this question; “I would want to authenticate the user as a valid user even before the request hits the page, I don't want to use Forms or Windows authentication”. The answer I got back was terrible – the candidate replied saying the check can be done at either page_load or page_init.

Explanation

In my post http://bloggingbunk.com/2011/07/net-in-depth-understanding-request-life-cycle/, I discussed about 2 main elements:

  1. HttpModule
  2. HttpHandler

For any request, the IIS first calls the HttpModule then the HttpHandler then the Page and then the HttpModule.

In your project, while designing on the asp pages, create a class which will inherit iHttpModule. This class will implement all the methods of HttpModule. Now put your authentication code at BeginRequest. For e.g., say your project stores important data persisted in cookies; send the cookie information alongside of the request. The following figure depicts how your request will fetch the page. The pipe represents the HttpModule and the HttpHandler.

AuthenticationatIIS.jpg

Now, these checks that you see can be a call to the DB or to any authentication system or even to an Access Control Policy routine.

With the HttpModules being handy, we have the leverage to do anything before the request hits the page.

This goes on to say that while the page life cycle is complete-HttpModule can also help us in doing any operation under EndRequest; it can be a check for the response or anything.

You can have more security in place if you can leverage HttpModule’s: BeginRequest, AuthoriseRequest and EndRequest along with HttpHandler’s: ProcessRequest.

Conclusion

Basically to sum it up - this methodology gracefully carries our pipeline pattern. Hope you understood the Authentication at IIS. Please shoot your questions as comments and I will reply.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

s.jdm
Architect Tesco
United Kingdom United Kingdom
No Biography provided

Comments and Discussions

 
GeneralMy vote of 1 Pinmemberbrianma12-Sep-11 8:24 
GeneralRe: My vote of 1 PinmemberSanjay JDM12-Sep-11 18:24 
GeneralRe: My vote of 1 Pinmemberbrianma12-Sep-11 22:08 
GeneralRe: My vote of 1 PinmemberSanjay JDM12-Sep-11 22:09 
QuestionPlease give an example and some code PinmemberDan Mordechay8-Sep-11 1:00 
AnswerRe: Please give an example and some code PinmemberSanjay JDM8-Sep-11 1:31 
GeneralMy vote of 1 PinmemberRumen Yankov7-Sep-11 2:03 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web01 | 2.8.140827.1 | Last Updated 6 Sep 2011
Article Copyright 2011 by s.jdm
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid