Re: Accessing Authenticate Header
From: Matt Long (mlong@phalanxsys.com)
Date: 12/20/02
- Next message: Joe Kaplan: "Re: Accessing Authenticate Header"
- Previous message: Joe Kaplan: "Re: Accessing Authenticate Header"
- In reply to: Joe Kaplan: "Re: Accessing Authenticate Header"
- Next in thread: Joe Kaplan: "Re: Accessing Authenticate Header"
- Reply: Joe Kaplan: "Re: Accessing Authenticate Header"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Matt Long" <mlong@phalanxsys.com> Date: Fri, 20 Dec 2002 14:11:27 -0600
Joe,
What I'm after is
1) IIS configuration for anonymous access ONLY (NO Basic Authentication)
2) Client sends AUTHORIZATION header for basic authentication
3) Handler or Module reads the AUTHORIZATION header and authenticates
without involving IIS.
Under IIS configured for anonymous access (any combo) the AUTHORIZATION
header will not be found as well as AUTH_USER and AUTH_PASSWORD equal to
empty strings.
-Matt
"Joe Kaplan" <ilearnedthisthehardway@noway.com> wrote in message
news:e20bMRFqCHA.2252@TK2MSFTNGP12...
> Wouldn't you want to do this with an HTTPModule instead of a Handler?
>
> From my experience with building a custom authorization module, I was able
> to easily read the HTTP_AUTHORIZATION header using:
> httpAuth = context.Request.ServerVariables.Get("HTTP_AUTHORIZATION")
>
> From there, it was a simple matter to use some regexes to verify that it
was
> a basic auth header, parse it and then use the username and password from
> whatever source.
>
> In my module, I trapped the AuthenticateRequest event because I am
assuming
> that something up the food chain is actually authenticating the request (I
> am just providing additional authorization services), but you should be
able
> to trap an earlier event such as BeginRequest if you want to have the
> ability to provide authentication services.
>
> Just a thought,
>
> Joe K.
>
> "Matt Long" <mlong@phalanxsys.com> wrote in message
> news:ufQX0LCqCHA.1888@TK2MSFTNGP09...
> > Sorry...I'm referring to the "Authorization" Header not "Authenticate"
.
> > Additionally, global.asax appears to incorporate the same behaviour.
> >
> > Thx,
> >
> > -Matt
> >
> >
> > "Matt Long" <mlong@phalanxsys.com> wrote in message
> > news:OfXdd9BqCHA.1660@TK2MSFTNGP10...
> > > Hi,
> > >
> > > I would like to access the HTTP Header "Authenticate" such that I can
> read
> > > the base64 encoded username:password and authenticate the user
> > independently
> > > of IIS. The problem that I seem to have encountered is that by
creating
> a
> > > listener via inherenting either IHttpHandler or IHttpAsyncHandler does
> not
> > > allow me access to the "Authenticate" header. It seems that if I
> enable
> > > Basic Authentication with IIS, I can read the header if and only if
the
> > > header is authenticated by IIS. However, if I enable IIS with
anonymous
> > > authentication AND send a request with an "Authenticate" header via
> > > CredentialsCache, the header is not present in the HttpRequest headers
> > > collection.
> > >
> > > Other than much entra effort building a host from HttpWorkerRequest is
> > this
> > > going to be possible to read the "Authenticate" header from a listener
> > > inherenting
> > > from either IHttpHandler or IHttpAsyncHandler???
> > >
> > > Thx,
> > >
> > > -Matt
> > >
> > >
> > >
> > >
> >
> >
>
>
- Next message: Joe Kaplan: "Re: Accessing Authenticate Header"
- Previous message: Joe Kaplan: "Re: Accessing Authenticate Header"
- In reply to: Joe Kaplan: "Re: Accessing Authenticate Header"
- Next in thread: Joe Kaplan: "Re: Accessing Authenticate Header"
- Reply: Joe Kaplan: "Re: Accessing Authenticate Header"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
