[转]OData and Authentication – Part 5 – Custom HttpModules
In the last post we saw how to add custom authentication inside your Data Service using the ProcessingRequest event.
Unfortunately that approach means authentication is not integrated or shared with the rest of your website.
Which means for all but the simplest scenarios a better approach is needed: HttpModules.
HttpModules can do all sort of things, including Authentication, and have the ability to intercept all requests to the website, essentially sitting under your Data Service.
This means you can remove all authentication logic from your Data Service. And create a HttpModule to protect everything on your website – including your Data Service.
Built-in Authentication Modules:
Thankfully IIS ships with a number of Authentication HttpModules:
- Windows Authentication
- Form Authentication
- Basic Authentication
You just need to enable the correct one and IIS will do the rest.
So by the time your request hits your Data Service the user with be authenticated.
Creating a Custom Authentication Module:
If however you need another authentication scheme you need to create and register a custom HttpModule.
So lets take our – incredibly naive – authentication logic from Part 4 and turn it into a HttpModule.
First we need a class that implements IHttpModule, and hooks up to the AuthenticateRequest event something like this:
public class CustomAuthenticationModule: IHttpModule
{
public void Init(HttpApplication context)
{
context.AuthenticateRequest +=
new EventHandler(context_AuthenticateRequest);
}
void context_AuthenticateRequest(object sender, EventArgs e)
{
HttpApplication app = (HttpApplication)sender;
if (!CustomAuthenticationProvider.Authenticate(app.Context))
{
app.Context.Response.Status = “ Unauthorized”;
app.Context.Response.StatusCode = ;
app.Context.Response.End();
}
}
public void Dispose() { }
}
We rely on the CustomAuthenticationProvider.Authenticate(..) method that we wrote in Part 4 to provide the actual authentication logic.
Finally we need to tell IIS to load our HttpModule, by adding this to our web.config:
<system.webServer>
<modules>
<add name=”CustomAuthenticationModule”
type=”SimpleService.CustomAuthenticationModule”/>
</modules>
</system.webServer>
Now when we try to access our Data Service – and the rest of the website – it should be protected by our HttpModule.
NOTE: If it this doesn’t work, you might have IIS 6 or 7 running in classic mode which requires slightly different configuration.
Summary.
In part 2 we looked about using Windows Authentication. And in parts 3, 4 and 5 we covered all the hooks available to Authentication logic in Data Services, and discovered that pretty much everything you need to do is possible.
Great.
Next we’ll focus on real world scenarios like:
- Forms Authentication
- Custom Basic Authentication
- OAuthWrap
- OAuth 2.0
- OpenId
- etc…
Alex James Program Manager Microsoft
[转]OData and Authentication – Part 5 – Custom HttpModules的更多相关文章
- [转]OData and Authentication – Part 6 – Custom Basic Authentication
本文转自:https://blogs.msdn.microsoft.com/astoriateam/2010/07/21/odata-and-authentication-part-6-custom- ...
- Java EE 7 / JAX-RS 2.0: Simple REST API Authentication & Authorization with Custom HTTP Header--reference
REST has made a lot of conveniences when it comes to implementing web services with the already avai ...
- Using HiveServer2 - Authentication
To configure Hive for use with HiveServer2, include the following configuration properties in the .. ...
- web.config配置详细说明
(一).Web.Config是以XML文件规范存储,配置文件分为以下格式 1.配置节处理程序声明 特点:位于配置文件的顶部,包含在<configSections>标志中. 2.特定应 ...
- [转帖]IIS内虚拟站点配置信息说明
web.config配置详细说明 https://www.cnblogs.com/zhangxiaolei521/p/5600607.html 原作者总结的很详细 但是没有完全的看完 自己对IIS 的 ...
- Web.Config详细说明
(一).Web.Config是以XML文件规范存储,配置文件分为以下格式 1.配置节处理程序声明 特点:位于配置文件的顶部,包含在<configSections>标志中. 2.特定应 ...
- Chapter 5: Design and implement security
Configure authentication Authenticating users IIS authentication Anonymous ASP.net impersonation Bas ...
- laravel/lumen 单元测试
Testing Introduction Application Testing Interacting With Your Application Testing JSON APIs Session ...
- 匿名访问ReportService报表服务器(一)
我的数据库版本是sql server 2008 r2,系统环境是windows server2008. 对于sql server 2008 r2上报rs报表的匿名访问问题,我这边尝试过两个可行方案: ...
随机推荐
- HBase – 探索HFile索引机制
本文由 网易云发布. 作者: 范欣欣 本篇文章仅限内部分享,如需转载,请联系网易获取授权. 01 HFile索引结构解析 HFile中索引结构根据索引层级的不同分为两种:single-level和m ...
- 「BZOJ4318」OSU!
题目链接 戳我 \(Solution\) 我们考虑每增加一个\(1\)会对答案有什么影响: \[E((x+1)^3)-E(x^3)=E(3x^2+3x+1)=3E(x^2)+3E(x)+1\] 所以我 ...
- 修改 Cloud image 的密码的简单方法
下载工具: yum -y install libguestfs-tools.noarch 打开DEBUG: export LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1 ...
- B - Bridging signals (LIS)
点击打开链接 B - Bridging signals 'Oh no, they've done it again', cries the chief designer at the Waferlan ...
- docker-ce的安装以及卸载
注意:以下命令无特殊说明外均在root用户下执行 一.Docker CE的安装 1. 首先,卸载老旧的docker. yum remove docker \ docker-client \ docke ...
- php-fpm 和 nginx 的两种通信方式
在 linux 中,nginx 服务器和 php-fpm 可以通过 tcp socket 和 unix socket 两种方式实现. 一下内容转自:https://blog.csdn.net/qq62 ...
- 位集合(BitSet)| Java数据结构
Java Bitset类 BitSet使用示例: import java.util.BitSet; public class BitSetDemo { public static void main( ...
- acedSSGet 翻译
ObjectARX 参考指南 > 全局函数 > AcEd 全局函数 > acedSSGet 函数 acedSSGet 折叠全部 C++ int acedSSGet( const AC ...
- java使用memcached2--集群部署
一.集群安装 1.编译安装magent-0.5到/usr/local/下 # cd /usr/local # mkdir magent # cd magent/ # wget http://memag ...
- [ActionScript 3.0] as3启动QQ
import flash.html.HTMLLoader; import flash.net.URLLoader; import flash.net.URLRequest; import flash. ...