Re: Authenticating against SQL with Basic Authentication

From: Greg Reinacker (gregnews@rassoc.com)
Date: 07/14/02 

From: "Greg Reinacker" <gregnews@rassoc.com>
Date: Sun, 14 Jul 2002 13:46:21 -0600

This is certainly possible; you just have to write a little code. Take a
look at this sample [1], which implements HTTP Basic authentication in .NET
without the use of ISAPI filters and Active Directory. It uses a XML file
for user credentials (to keep the sample simple), but it would be trivial to
modify it to use a database. Other related samples are at [2].

(watch for line breaks)

[1]
http://www.rassoc.com/gregr/weblog/stories/2002/06/26/webServicesSecurityHtt
pBasicAuthenticationWithoutActiveDirectory.html

[2] http://www.rassoc.com/gregr/weblog/misc/samples.html 

--
Greg Reinacker
Reinacker & Associates, Inc.
http://www.rassoc.com
http://www.rassoc.com/gregr/weblog/
"Vladimir Maysuradze" <mvv@intertech.com> wrote in message
news:ux8UPu1KCHA.1796@tkmsftngp09...
> As I understand it, basic authentication is not supported by .NET.
> It can be configured on IIS, but it has to map into Windows authentication
> in .NET.
> Instead, consider using form authentication with passing user name and
> password as QieryString.
> I had the same problem but I thought to ask first if there was a way to do
> it.
> Here is exchange with Aaron Margosis [MS] that I had.
> Start reading it from the bottom.
> I hope that helps.
>
>
>
> >Thanks!
> >Yes, it does make sense.
> >I changed logic in login.aspx page so it recognizes query string that
looks
> >like:
> >https://www.myserver.com/login.aspx?username=user&password=password>
> >The client services should be smart enough to call login first, but
that's
> >acceptable.
> >Thanks again!
>
>
> "Aaron Margosis [MS]" <aaronmaronline@microsoft.com> wrote in message
> news:#mqXYWXJCHA.3924@tkmsftngp10...
> > Not easily.  ASP.NET Forms auth determines whether the user is
> authenticated
> > by looking for an encrypted cookie, which the user cannot create.  If
the
> > cookie is not found or is invalid, you will get a client-side redirect
to
> > the app's login page.  Now, the logic in your login page could look in
the
> > query string for credentials and not wait for a post back.  I think the
> only
> > way to avoid the redirect through the login page is to make the first
> > request directly to the login page, specifying the credentials in the
> query
> > string along with the page to redirect to after authentication.  It will
> > still take a client-side redirect in order to pick up the cookie (which
> you
> > must retain for all future requests) and go to the desired page.
> >
> > I hope this makes sense...
> >
> > -- Aaron
>
>
> > "Vladimir Maysuradze" <mvv@intertech.com> wrote in message
> > news:OVNjrpKJCHA.2684@tkmsftngp10...
> > > In this case under "basic" I mean ability to place
> > > user name and password in the request, for example:
> > > https://username:password:@www.server.com
> > > The question that I have - is it possible to do something like this in
> > > ASP.NET?
> > > I want to have form authentication through my own SQL database using
> > > Form authentication and "basic" authentication to the same database
> > through
> > > URL.
> > > I need that for some automated client services that are not .NET, and
> need
> > > to have
> > > "silent" logon ability.
> > > Thanks!
>
>
>
>
> "Dave" <dave@xyz.com> wrote in message
news:#prHAEuKCHA.1696@tkmsftngp09...
> > I want to secure my web service with basic authentication but the user
> > authentication database is in SQL server.  How can I override the Basic
> > Authentication engine to validate against my database?
> >
> > I've tried creating an object that implement IHttpModule, connect to the
> > OnAuthenticate event and decode the Authorization header.  But I think
the
> > basic authentication engine still gets executed.  Can I override it?
> >
> > Thanks,
> > Dave
> >
> >
> >
> >
>
>

Relevant Pages

  • Re: Authentication issues: partially solved, but new troubles coming...
    ... > webserver and only basic authentication is selected, ... > When I enable integrated authentication, the login ... > both integrated and basic authentication), accessing it from the very same ... >key inherits the realm name from the next parent key that has the realm ...
    (microsoft.public.inetserver.iis.security)
  • BASIC authentication Issues with IE
    ... quarks has either gotten worst or Microsoft is now forcing some behavior ... to try to understand Microsoft's variant BASIC Authentication ... When you use explorer to open the C:\ root folder, ...
    (microsoft.public.inetserver.iis.security)
  • Re: HTTP_AUTHORIZATION header
    ... With Basic authentication, ... I use WFetch to make a Basic authenticated POST request against my CGI EXE ... Nitpick on your stated understanding of authentication protocols - ...
    (microsoft.public.inetserver.iis.security)
  • RE: Name mapping : 1 certificate, multiple user accounts
    ... If you have Basic Authentication disabled in IIS, ... Integrated authentication will prompt if the prerequisites for transparent ...
    (microsoft.public.inetserver.iis.security)
  • Re: An outside client cant access our WSS website
    ... they need to be using Basic Authentication. ... SSL just that you would be very wise for security reasons to use it (because ... >>> One client can't access our website from their company office. ...
    (microsoft.public.sharepoint.windowsservices)