Click here to Skip to main content
13,344,281 members (80,171 online)
Click here to Skip to main content


51 bookmarked
Posted 13 May 2008

Secure Persistent ASP.NET Forms Authentication

, 27 Aug 2008
An ASP.NET system for having two authentication cookies, one secure and one insecure, to have multiple tiers of security by folder.
' Copyright (c) 2008 Pathfinder Software, LLC.  All Rights Reserved.
' Pathfinder Software <>
' PartialAuthenticationSystem is distributed under the terms of the GNU Lesser General Public License (GPL)

' PartialAuthenticationSystem is free software: you can redistribute it and/or modify
' it under the terms of the GNU Lesser General Public License as published by
' the Free Software Foundation, either version 3 of the License, or
' (at your option) any later version.

' PartialAuthenticationSystem is distributed in the hope that it will be useful,
' but WITHOUT ANY WARRANTY; without even the implied warranty of
' GNU Lesser General Public License for more details.

' You should have received a copy of the GNU Lesser General Public License
' along with PartialAuthenticationSystem.  If not, see <>.

Imports System.Security.Principal
Imports System.Web.Configuration
Imports System.Web.Security

Public Class PartialAuthorizationModule
    Implements IHttpModule

    Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
    End Sub

    Public Sub Init(ByVal context As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler context.AuthorizeRequest, AddressOf AuthorizeRequest
    End Sub

    Private Sub RedirectProtocol(ByVal context As HttpContext, ByVal protocol As String)
        Dim Url As Uri = context.Request.Url
        context.Response.Redirect(protocol & Url.AbsoluteUri.Substring(Url.Scheme.Length), True)
    End Sub

    Private Sub AuthorizeRequest(ByVal sender As System.Object, ByVal e As System.EventArgs)
        Dim application As HttpApplication = sender
        Dim context As HttpContext = application.Context

        Dim section As PartialAuthorizationSection = WebConfigurationManager.GetSection("partialAuthenticationSystem/authorization", context.Request.Path)
        If section.RequireSSL = SslRequirement.None AndAlso context.Request.IsSecureConnection Then
            If Not context.Request.FilePath.EndsWith(".axd", StringComparison.InvariantCultureIgnoreCase) Then
                RedirectProtocol(context, "http")
                Exit Sub
            End If
        ElseIf section.RequireSSL = SslRequirement.Required AndAlso Not context.Request.IsSecureConnection Then
            RedirectProtocol(context, "https")
            Exit Sub
        End If

        If section.RequireLogin Then
            If context.User Is Nothing OrElse context.User.Identity Is Nothing Then
            ElseIf context.User.Identity.AuthenticationType = "Partial" Then
            End If
        End If
    End Sub

End Class

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.


This article, along with any associated source code and files, is licensed under The GNU Lesser General Public License (LGPLv3)


About the Author

Software Developer (Senior) Pathfinder Software
United States United States
No Biography provided

You may also be interested in...

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.180111.1 | Last Updated 27 Aug 2008
Article Copyright 2008 by BrantBurnett
Everything else Copyright © CodeProject, 1999-2018
Layout: fixed | fluid