Authentication at the IIS Level

6 Sep 2011
This post talks about the authentication procedure that can be done in IIS.

Introduction

This post explains how authentication can be performed at the IIS level.

Background

It all happened when I interviewed a guy with quite a good amount of experience; I then noted that many experienced guys lacked the so-called basics. I remember asking him this question: “I would want to authenticate the user as a valid user even before the request hits the page, I don't want to use Forms or Windows authentication”. The answer I got back was terrible: the candidate replied saying the check can be done at either page_load or page_init.

Explanation

In my post http://bloggingbunk.com/2011/07/net-in-depth-understanding-request-life-cycle/, I discussed two main elements:

  1. HttpModule
  2. HttpHandler

For any request, IIS first calls the HttpModule, then the HttpHandler, then the Page, and then the HttpModule again.

In your project, while designing the ASP.NET pages, create a class that implements IHttpModule. This class will implement all the methods of IHttpModule. Now put your authentication code in the BeginRequest event. For example, say your project stores important data persisted in cookies; the cookie information is sent alongside the request. The following figure depicts how your request will fetch the page. The pipe represents the HttpModule and the HttpHandler.

[Figure: AuthenticationatIIS.jpg, a request passing through the HttpModule and HttpHandler pipe to fetch the page]

The checks shown in the figure can be a call to the DB, to any authentication system, or even to an Access Control Policy routine.

With HttpModules at hand, we can do anything we need before the request hits the page.

Once the page life cycle is complete, the HttpModule can also perform operations in EndRequest, such as a check on the response.

You can have more security in place if you leverage the HttpModule events BeginRequest, AuthorizeRequest and EndRequest along with the HttpHandler method ProcessRequest.
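The BeginRequest check described above, as an added C# example that is not code from the original article: an IHttpModule that rejects requests lacking a valid signed cookie before any handler or page runs. The class name, the cookie name `AuthToken`, the appSettings key `AuthCookieKey` and the cookie format are assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added example; CookieAuthModule, "AuthToken" and "AuthCookieKey" are hypothetical names.
// Register under <system.webServer><modules> in web.config (IIS 7+ integrated pipeline):
//   <add name="CookieAuthModule" type="CookieAuthModule" />
public class CookieAuthModule : IHttpModule
{
    // Base64 HMAC key read from appSettings; a missing key throws, so requests fail closed.
    private static readonly byte[] Key =
        Convert.FromBase64String(ConfigurationManager.AppSettings["AuthCookieKey"]);
    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest; // fires before any handler or page code
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpCookie cookie = app.Context.Request.Cookies["AuthToken"];
        if (cookie == null || !IsValid(cookie.Value))
        {
            app.Context.Response.StatusCode = 401;
            app.CompleteRequest(); // skip handler and page, go straight to EndRequest
        }
    }

    // Assumed cookie format: "<user>.<base64 of HMAC-SHA256(Key, user)>"
    private static bool IsValid(string value)
    {
        int dot = (value ?? "").LastIndexOf('.');
        if (dot <= 0) return false;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(value.Substring(dot + 1)); }
        catch (FormatException) { return false; }
        using (var hmac = new HMACSHA256(Key))
        {
            byte[] expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(value.Substring(0, dot)));
            int diff = expected.Length ^ supplied.Length; // constant-time comparison
            for (int i = 0; i < expected.Length && i < supplied.Length; i++)
                diff |= expected[i] ^ supplied[i];
            return diff == 0;
        }
    }
    public void Dispose() { }
}
```

Because the module runs for every request in the pipeline, a sign-in endpoint that issues the cookie has to be exempted from the check. A production token would also carry an expiry inside the signed payload.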

Conclusion

To sum it up, this methodology gracefully follows the pipeline pattern. I hope you now understand authentication at the IIS level. Please post your questions as comments and I will reply.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Architect Tesco
United Kingdom
