BasicAuthenticationModule

This class is authentication module, implementing the Basic authentication, as specified in the following standards:
  • RFC2616 (Hypertext Transfer Protocol -- HTTP/1.1)
  • RFC2617 (HTTP Authentication: Basic and Digest Access Authentication)

ASP.NET itself does not support basic authentication, but relies on the web server (IIS) support. All versions of IIS, including 7.0, support basic authentication, but only against system user database (local or domain users).

This implementation uses standard Membership technology in ASP.NET as user database. Can be used either as ASP.NET module or IIS 7.0 module.

Configuration

Basic configuration requires only registration of the Altairis.Web.Security.BasicAuthenticationModule class as a HTTP module, either on ASP.NET or IIS level, and turning off other forms of authentication.

You may specify, in custom configuration section, the realm the user is expected to login to. The realm name will be displayed to user when the system login dialog is shown.

You may see sample configuration file including the extended configuration here:

<?xml version="1.0"?>
<configuration>
    <configSections>
        <sectionGroup name="altairis.web">
            <section name="security" 
                     type="Altairis.Web.Security.Configuration.SecuritySection, Altairis.Web.Security"/>
        </sectionGroup>
    </configSections>

    <!-- Configuration of basic authentication module -->
    <altairis.web>
        <security>
            <basicAuthentication realm="Sample Web Site"/>
        </security>
    </altairis.web>

    <system.web>
        <compilation debug="true" />

        <!-- We need to switch off the default authentication -->
        <authentication mode="None"/>

        <!-- Then we register our own module -->
        <httpModules>
            <add name="BasicAuthenticationModule" 
                 type="Altairis.Web.Security.BasicAuthenticationModule, Altairis.Web.Security"/>
        </httpModules>

        <!-- 
            As a simple solution, We're using the plain text membership provider here.
            You can use any provider you like.
        -->
        <membership defaultProvider="MyMembershipProvider">
            <providers>
                <clear/>
                <add name="MyMembershipProvider"
                     type="Altairis.Web.Security.PlainTextMembershipProvider, Altairis.Web.Security"
                     dataFilePath="~/App_Data/users.txt"
                     ignoreInvalidLines="true"
                     cacheExpirationTime="60" />
            </providers>
        </membership>
    </system.web>

    <!-- The following configuration is required for IIS 7.0 only -->
    <system.webServer>
        <validation validateIntegratedModeConfiguration="false"/>
        <modules>
            <add name="BasicAuthenticationModule" preCondition="managedHandler" 
                 type="Altairis.Web.Security.BasicAuthenticationModule, Altairis.Web.Security" />
        </modules>
    </system.webServer>
</configuration>

Last edited Oct 30, 2008 at 3:49 PM by altair, version 1

Comments

No comments yet.