ASP.NET's built-in Windows domain authentication is often not sufficient on its own. For example, we often need to combine Windows domain authentication with user information stored in a database. Here is my example, which shows how to do this in ASP.NET.

Configure IIS 6.0 to support our custom Windows domain authentication.

  1. Open IIS and right click our website.
  2. Click "Properties" menu to open "Properties" window.
  3. Select "Directory Security" tab.
  4. Click "Edit..." button to open "Authentication Methods" window.
  5. Clear "Enable anonymous access".
  6. Check "Integrated Windows Authentication" box.
  7. Click "OK" button to close all opened windows.

Write the following code.

 


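/// <summary>
/// HTTP module that runs after IIS/ASP.NET Windows authentication and replaces the
/// Windows principal with a <see cref="MyPrincipal"/> built from application data.
/// </summary>
/// <remarks>
/// The module only decides which principal the request carries. It does not reject
/// requests itself: when the user fails <see cref="IsValidUser"/> the principal is
/// cleared and ASP.NET goes on to treat the request as anonymous, so such a request is
/// blocked only if the site's authorization rules deny anonymous users.
/// </remarks>
public class MyAuthenticationModule : IHttpModule
{
    /// <summary>Nothing to release; the module holds no resources.</summary>
    public void Dispose() { }

    /// <summary>
    /// Hooks <c>AuthenticateRequest</c> so every request gets its principal rewritten.
    /// </summary>
    /// <param name="context">The application instance this module is attached to.</param>
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += delegate
        {
            HttpContext current = HttpContext.Current;
            IPrincipal windowsUser = current.User;

            // No principal at all (for example Windows authentication is not the active
            // mode) or an unauthenticated one: leave the request exactly as it is.
            if (windowsUser == null)
            {
                return;
            }

            IIdentity identity = windowsUser.Identity;
            if (identity == null || !identity.IsAuthenticated)
            {
                return;
            }

            string userName = GetUserName(identity.Name);

            // Fail closed: an empty account name or a user the application does not
            // know loses the Windows principal instead of keeping it.
            if (string.IsNullOrEmpty(userName) || !IsValidUser(userName))
            {
                current.User = null;
                return;
            }

            IEnumerable<MyRole> roles = GetRoles(userName);
            MyIdentity myIdentity = new MyIdentity(userName, roles);
            current.User = new MyPrincipal(myIdentity);
        };
    }

    /// <summary>
    /// Returns the part of a <c>DOMAIN\user</c> name after the backslash, or the whole
    /// string when there is no backslash. A null or empty name is returned unchanged.
    /// </summary>
    /// <remarks>
    /// NOTE(review): dropping the domain makes <c>CORP\alice</c>, <c>OTHER\alice</c> and a
    /// local-machine <c>alice</c> resolve to the same application user. Keep the domain
    /// in the lookup key if more than one domain, or local accounts, can authenticate.
    /// </remarks>
    private static string GetUserName(string fullName)
    {
        if (string.IsNullOrEmpty(fullName))
        {
            return fullName;
        }

        // IndexOf returns -1 when there is no separator, so Substring(0) keeps the
        // whole name in that case.
        int separatorIndex = fullName.IndexOf('\\');
        return fullName.Substring(separatorIndex + 1);
    }

    /// <summary>
    /// Placeholder for the application's own user check. It rejects every user until it
    /// is replaced.
    /// </summary>
    private static bool IsValidUser(string userName)
    {
        // Replace following code with validation from database.
        // Pass userName to the database as a query parameter, never by string concatenation.
        return false;
    }

    /// <summary>
    /// Placeholder for the application's role lookup. Returning null is accepted by
    /// <see cref="MyIdentity"/> and means "no roles".
    /// </summary>
    private static IEnumerable<MyRole> GetRoles(string userName)
    {
        // Replace here with your custom code. For example, get from database etc.
        return null;
    }
}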

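/// <summary>
/// Application identity created after a Windows-authenticated user has passed the
/// application's own validation. Carries the user name and the user's roles.
/// </summary>
[Serializable]
public class MyIdentity : IIdentity
{
    private readonly List<MyRole> roles = new List<MyRole>();

    /// <summary>Creates the identity for an already validated user.</summary>
    /// <param name="name">User name; must not be null or empty.</param>
    /// <param name="roles">Roles of the user; null means no roles.</param>
    /// <exception cref="ArgumentNullException"><paramref name="name"/> is null or empty.</exception>
    public MyIdentity(string name, IEnumerable<MyRole> roles)
    {
        if (string.IsNullOrEmpty(name))
        {
            throw new ArgumentNullException("name");
        }

        this.Name = name;

        // Copy the roles so later changes to the caller's collection cannot alter
        // what this identity is allowed to do.
        if (roles != null)
        {
            this.roles.AddRange(roles);
        }
    }

    /// <summary>Fixed label identifying this custom authentication scheme.</summary>
    public string AuthenticationType
    {
        get { return "My Authentication Type"; }
    }

    /// <summary>
    /// Always true: an instance is only meant to be created for a user who has already
    /// been authenticated and validated.
    /// </summary>
    public bool IsAuthenticated
    {
        get { return true; }
    }

    /// <summary>User name given to the constructor.</summary>
    public string Name { get; private set; }

    /// <summary>
    /// Roles of the user as a read-only view. Handing out the backing list would let
    /// any code holding the identity add roles to it.
    /// </summary>
    public IList<MyRole> Roles
    {
        get { return this.roles.AsReadOnly(); }
    }

    // add your custom code here
}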

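/// <summary>
/// Principal wrapping a <see cref="MyIdentity"/>; role checks are answered from the
/// roles stored on that identity.
/// </summary>
[Serializable]
public class MyPrincipal : IPrincipal
{
    private readonly MyIdentity identity;

    /// <summary>Creates the principal for the given identity.</summary>
    /// <param name="identity">Identity to wrap; must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
    public MyPrincipal(MyIdentity identity)
    {
        if (identity == null)
        {
            throw new ArgumentNullException("identity");
        }

        this.identity = identity;
    }

    /// <summary>The wrapped identity.</summary>
    public IIdentity Identity
    {
        get { return this.identity; }
    }

    /// <summary>Reports whether the user holds the named role (case-insensitive).</summary>
    /// <param name="role">Role name to look for; must not be null or empty.</param>
    /// <returns>True when at least one role of the identity has that name.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="role"/> is null or empty.</exception>
    public bool IsInRole(string role)
    {
        if (string.IsNullOrEmpty(role))
        {
            throw new ArgumentNullException("role");
        }

        // Role names are identifiers, not display text: compare them ordinally so the
        // result of an authorization check does not depend on the thread's culture.
        return this.identity.Roles.Any(
            myRole => myRole != null
                && string.Equals(myRole.Name, role, StringComparison.OrdinalIgnoreCase));
    }

    // add your custom code here
}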

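/// <summary>A named role that can be attached to a <see cref="MyIdentity"/>.</summary>
[Serializable]
public class MyRole
{
    /// <summary>Creates a role with the given name.</summary>
    /// <param name="name">Role name; must not be null or empty.</param>
    /// <exception cref="ArgumentNullException"><paramref name="name"/> is null or empty.</exception>
    public MyRole(string name)
    {
        if (string.IsNullOrEmpty(name))
        {
            throw new ArgumentNullException("name");
        }

        this.Name = name;
    }

    /// <summary>Role name; set once by the constructor.</summary>
    public string Name { get; private set; }

    // add your custom code here
}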

 

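Configure web.config to register the module. The module only replaces the principal; access is still decided by the `<authorization>` rules. A request whose user fails the database check continues as an anonymous request, so deny anonymous users (`<deny users="?"/>`) on anything that must stay protected.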

 


<!-- Belongs under <system.web> in web.config. The type value is the module's type name;
     add the namespace and assembly name if the class is not compiled from App_Code. -->
<httpModules>
   
<add name="MyAuthenticationModule" type="MyAuthenticationModule"/>
</httpModules>