RE: Windows authentication with custom user store
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 23 May 2007 11:44:18 +0000 (UTC)
You can write an HttpModule that handles AuthorizeRequest (or in global.asax for a start)
in this event you can check your userstore and see if the user is in the allowed list.
This event gets called on every request - once you have this working, you can think about optimizations, like a cookie or a flag in the cache...
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Another option could be the use of a custom "authentication cookie"
that is issued after the user is located in the user store. This
cookie should then be checked in every request. What would be a good
technique for this solution?
.
- Prev by Date: Re: X.509 Certificate based authentication
- Next by Date: Re: X.509 Certificate based authentication
- Previous by thread: Re: how to avoid challenge window when windows authentication mode is
- Next by thread: Re: Windows authentication with custom user store
- Index(es):
Relevant Pages
|
|
