using System;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
namespace santosh.web.security
{
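/// <summary>
/// ASP.NET HTTP module that reads an HTTP Basic <c>Authorization</c> header,
/// hands the decoded user name and password to <see cref="Authenticate"/>, and
/// installs the returned principal as the request's user.
/// </summary>
/// <remarks>
/// Basic credentials are only Base64-encoded, not encrypted, and this module does
/// not check whether the request arrived over TLS. Deployments should enforce HTTPS
/// in front of it.
/// The base <see cref="Authenticate"/> does not verify the password; derive from
/// this class and override it before relying on the module for access control.
/// </remarks>
public class BaseAuthenticationModule : IHttpModule
{
    /// <summary>Realm name sent in the <c>WWW-Authenticate</c> challenge.</summary>
    protected string REALM = "My Application";

    #region IHttpModule Members
    /// <summary>
    /// Subscribes the module to the AuthenticateRequest and EndRequest events.
    /// </summary>
    /// <param name="context">The application whose pipeline events are hooked.</param>
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
        context.EndRequest += new EventHandler(context_EndRequest);
    }

    /// <summary>
    /// Nothing to release; the module holds no resources of its own.
    /// </summary>
    public void Dispose()
    {
    }
    #endregion

    /// <summary>
    /// Handles the AuthenticateRequest event of the application context.
    /// </summary>
    /// <remarks>
    /// The Authorization header is client-controlled. A header that is not a
    /// well-formed Basic credential is ignored (the request stays anonymous)
    /// instead of raising an exception that would surface as a server error.
    /// </remarks>
    /// <param name="sender">The Application instance.</param>
    /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
    private void context_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication) sender;
        if (application.Context.Request.IsAuthenticated)
        {
            return;
        }

        string sAUTH = application.Request.ServerVariables["HTTP_AUTHORIZATION"];
        if (sAUTH == null)
        {
            return;
        }

        string[] sCredentials = ParseBasicCredentials(sAUTH);
        if (sCredentials == null)
        {
            // Not Basic, or malformed: leave the request unauthenticated.
            return;
        }

        GenericPrincipal UserPrincipal = Authenticate(sCredentials);
        if (UserPrincipal != null)
        {
            // NOTE(review): the boolean result is discarded, so this call has no
            // influence on the decision made above. Kept to preserve existing
            // behaviour; confirm whether it can be removed.
            FormsAuthentication.Authenticate(sCredentials[0], sCredentials[1]);
            application.Context.User = UserPrincipal;
        }
    }

    /// <summary>
    /// Extracts the user name and password from a Basic Authorization header value.
    /// </summary>
    /// <param name="header">The raw header value, e.g. <c>Basic dXNlcjpwYXNz</c>.</param>
    /// <returns>
    /// A two-element array (user name, password), or <c>null</c> when the header
    /// uses another scheme, is too short, is not valid Base64, or has no colon.
    /// </returns>
    private string[] ParseBasicCredentials(string header)
    {
        const string scheme = "Basic ";

        // Ordinal comparison: a culture-sensitive ToUpper() mis-compares the
        // scheme name under some cultures (for example Turkish casing of 'i').
        if (header.Length <= scheme.Length ||
            !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
        {
            return null;
        }

        string decoded;
        try
        {
            decoded = Base64Decode(header.Substring(scheme.Length).Trim());
        }
        catch (FormatException)
        {
            return null;
        }

        // Split on the first colon only: the user name cannot contain ':',
        // but the password may.
        int separator = decoded.IndexOf(':');
        if (separator < 0)
        {
            return null;
        }

        return new string[]
        {
            decoded.Substring(0, separator),
            decoded.Substring(separator + 1)
        };
    }

    /// <summary>
    /// Authenticates the specified credentials.
    /// </summary>
    /// <remarks>
    /// This base implementation performs no verification: it returns a principal
    /// for whatever user name was supplied, with no roles, and never looks at the
    /// password. Override it to check the credentials against a user store and
    /// return <c>null</c> when they are rejected.
    /// </remarks>
    /// <param name="Credentials">
    /// The credentials: element 0 is the user name, element 1 the password.
    /// </param>
    /// <returns>The principal for the user, or <c>null</c> to reject the credentials.</returns>
    protected virtual GenericPrincipal Authenticate(string[] Credentials)
    {
        string[] Roles = null;
        GenericPrincipal UserPrincipal = new GenericPrincipal(new GenericIdentity(Credentials[0]), Roles);
        return UserPrincipal;
    }

    /// <summary>
    /// Decodes a Base64 string and interprets the bytes as UTF-8 text.
    /// </summary>
    /// <param name="EncodedData">The encoded data.</param>
    /// <returns>The decoded text.</returns>
    /// <exception cref="System.FormatException">
    /// <paramref name="EncodedData"/> is not valid Base64.
    /// </exception>
    private string Base64Decode(string EncodedData)
    {
        // The FormatException is left to propagate with its type intact so the
        // caller can treat bad input as a failed parse.
        byte[] decodedBytes = Convert.FromBase64String(EncodedData);
        return System.Text.Encoding.UTF8.GetString(decodedBytes);
    }

    /// <summary>
    /// Handles the EndRequest event of the application context: adds a Basic
    /// challenge to every 401 response.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
    private void context_EndRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication) sender;
        if (application.Response.StatusCode == 401)
        {
            // The realm is a quoted-string; an unquoted value containing a space
            // is not a valid challenge. Escape backslash and quote inside it.
            string realm = (REALM == null) ? string.Empty : REALM;
            realm = realm.Replace("\\", "\\\\").Replace("\"", "\\\"");
            application.Response.AddHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        }
    }
}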
}