Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version

Custom Authentication provider by implementing IHttpModule, IPrincipal and IIdentity

, 2 Nov 2003
An article on writing Custom Authentication provider in ASP.NET
customauthentication_demo.zip
CustomAuthenticationDemo
bin
CustomAuthenticationDemo.csproj.webinfo
CustomAuthenticationDemo.vsdisco
Global.asax
_vti_cnf
_vti_pvt
_vti_script
_vti_txt
customauthentication_src.zip
CustomSecurity
bin
Debug
CustomSecurity.csproj.user
obj
Debug
temp
TempPE
using System;
using System.Reflection;
using System.Collections;
using System.Text;
using System.Web;
using System.Security.Cryptography;
using System.Configuration;

namespace CustomSecurity
{
	/// <summary>
	/// Provides static methods that supply helper utilities for authenticating identites. 
	/// This class cannot be inherited.
	/// </summary>
	public sealed class CustomAuthentication
	{
		const string LOGINURL_KEY				= "CustomAuthentication.LoginUrl";
		const string AUTHENTICATION_COOKIE_KEY	= "CustomAuthentication.Cookie.Name";
		const string AUTHENTICATION_COOKIE_EXPIRATION_KEY	= "CustomAuthentication.Cookie.Timeout";

		#region static methods
		/// <summary>
		/// Produces a string containing an encrypted string for an authenticated User Identity
		/// suitable for use in an HTTP cookie given a CustomIdentity
		/// </summary>
		/// <param name="identity">CustomIdentity class for the authenticated user</param>
		/// <returns>Encrypted string</returns>
		public static string Encrypt(CustomIdentity identity)
		{
			string encryptedString = String.Empty;
			try
			{
				StringBuilder en_str = new StringBuilder();
				Type t_Identity = identity.GetType();
				PropertyInfo[] propertyInfo = t_Identity.GetProperties();
				foreach(PropertyInfo property in propertyInfo)
				{
					en_str.Append(property.GetValue(identity, null));
					en_str.Append("|$|");
				}

				encryptedString = CustomEncryption.Encrypt(en_str.ToString());
			}
			catch(Exception e)
			{
				string str = e.Message;
				throw ;
			}
			return encryptedString;
		}

		/// <summary>
		/// Returns an instance of a CustomIdentity class, 
		/// given an encrypted authentication string obtained from an HTTP cookie.
		/// </summary>
		/// <param name="encryptedInput">Encrypted string conataining User Identity</param>
		/// <returns>CustomIdentity object</returns>
		public static CustomIdentity Decrypt(string encryptedInput)
		{
			CustomIdentity identity = null;
			try
			{
				string decryptedString = CustomEncryption.Decrypt(encryptedInput);
				//string[] userProperties = decryptedString.Split(new char[] {'|'});
				ArrayList userProperties = new ArrayList();
				Split("|$|", decryptedString, userProperties);
				if(userProperties != null && userProperties.Count > 0)
				{
					identity = new CustomIdentity();
					Type t_identity = identity.GetType();
					PropertyInfo[] propertyInfo = t_identity.GetProperties();
					for( int i = 0; i < propertyInfo.Length; i++)
					{ 
						PropertyInfo property = propertyInfo[i];
						if(property.CanWrite)
						{
							string propertyValue = userProperties[i].ToString();
							object objValue = Convert.ChangeType(propertyValue, property.PropertyType);
							property.SetValue(identity, objValue, null);
						}
					}
				}
			}
			catch(Exception e)
			{
				string str = e.Message;
				throw ;
			}
			return identity;
		}

		/// <summary>
		/// Redirects an authenticated user back to the originally requested URL.
		/// </summary>
		/// <param name="identity">CustomIdentity of an authenticated user</param>
		public static void RedirectFromLoginPage(CustomIdentity identity)
		{
			string cookieName = ConfigurationSettings.AppSettings[AUTHENTICATION_COOKIE_KEY];
			if(cookieName == null || cookieName.Trim() == String.Empty)
			{
				throw new Exception(" CustomAuthentication.Cookie.Name entry not found in appSettings section section of Web.config");
			}

			string cookieExpr = ConfigurationSettings.AppSettings[AUTHENTICATION_COOKIE_EXPIRATION_KEY];

			HttpRequest request = HttpContext.Current.Request;
			HttpResponse response = HttpContext.Current.Response;

			string encryptedUserDetails = Encrypt(identity);

			HttpCookie userCookie = new HttpCookie(cookieName.ToUpper(), encryptedUserDetails);
			if(cookieExpr != null && cookieExpr.Trim() != String.Empty)
			{
				userCookie.Expires = DateTime.Now.AddMinutes(int.Parse(cookieExpr));
			}
			response.Cookies.Add(userCookie);

			string returnUrl = request["ReturnUrl"];
			if(returnUrl != null && returnUrl.Trim() != String.Empty)
			{
				response.Redirect(returnUrl, false);
			}
			else
			{
				response.Redirect(request.ApplicationPath + "/default.aspx", false);
			}
		}
		
		#endregion

		#region private methods
		private object GetConvertedValue(string propertyValue, string propertyType)
		{
			Type argType = Type.GetType(propertyType);
			Object obj = new Object();
			if(argType == Type.GetType("System.String"))
			{
				obj = propertyValue.Trim();  // returning Primitive object
			}
			else
			{
				obj = Activator.CreateInstance(argType);  // creating an object of ArgumentType 
				obj = argType.InvokeMember("Parse", BindingFlags.Default |BindingFlags.InvokeMethod, null, obj, new object[] {propertyValue.Trim()});
			}

			return obj;
		}

		/// <summary>
		/// Used to split a string into an string array based on a separator
		/// </summary>
		/// <param name="seperator"></param>
		/// <param name="str"></param>
		/// <param name="strArray"></param>
		private static void Split(string seperator, string str, ArrayList strArray)
		{
			try
			{
				int start = 0, end = 0;
				end = str.IndexOf(seperator);
				if(end <= -1)
				{
					end = str.Length;
					strArray.Add(str.Substring(start, end - start));
					return;
				}
				strArray.Add(str.Substring(start, end - start));

				start = end + seperator.Length;
				end = str.Length;

				Split(seperator, str.Substring(start, end - start), strArray);
			}
			catch(Exception ex)
			{
				throw(ex);
			}
		}

		#endregion

		#region Properties
		/// <summary>
		/// Returns the configured cookie name used for the current application
		/// </summary>
		public string CookieName
		{
			get 
			{ 
				string cookieName = ConfigurationSettings.AppSettings[AUTHENTICATION_COOKIE_KEY];
				if(cookieName == null || cookieName.Trim() == String.Empty)
				{
					throw new Exception(" CustomAuthentication.Cookie.Name entry not found in appSettings section section of Web.config");
				}
				return cookieName;
			}
		}
		#endregion
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

I Piscean
Web Developer
United States United States
No Biography provided

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.150327.1 | Last Updated 3 Nov 2003
Article Copyright 2003 by I Piscean
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid