Microsoft KB Archive/331501

= HOW TO: Create an IAuthenticationModule by Using Visual Basic .NET =

Article ID: 331501

Article Last Modified on 4/19/2007

-

APPLIES TO


 * Microsoft ASP.NET 1.1
 * Microsoft ASP.NET 1.0
 * Microsoft Visual Basic .NET 2003 Standard Edition
 * Microsoft Visual Basic .NET 2002 Standard Edition

-



This article was previously published under Q331501



IN THIS TASK
 * SUMMARY
 * Implement the IAuthenticationModule Interface
 * Create an Application to Test the Module
 * Deploy the Module and Configure the System
 * Test the Module
 * REFERENCES



SUMMARY
This step-by-step article discusses how to use Visual Basic .NET to create an implementation of an IAuthenticationModule module that performs Basic authentication. This article describes how to create, deploy, configure, and then test the authentication module.

An authentication module is a component that a client uses to perform authentication with the server. Applications that use the WebResponse class rely on the authentication module.

back to the top

Implement the IAuthenticationModule Interface
 Start Microsoft Visual Studio .NET. On the File menu, point to Add Project, and then click New Project. In the New Project dialog box, click Visual Basic Projects under Project Type. Under Templates, click Class Library, and then name your project MyAuthenticationModule.  Add the following directives to the class: Imports System.Net Imports System.Text  Rename the class MyAuthenticationModule.vb, and then change the class definition to reflect this change. Implement the IAuthenticationModule interface. Your class definition appears as follows:

Public Class MyAuthenticationModule

Implements IAuthenticationModule

</li> From the IAuthenticationModule interface, implement the following (with these returns, to keep it simple): <ul> The Authenticate method</li> The PreAuthenticate property (return Nothing)</li> The AuthenticationType property</li> The CanPreAuthenticate property (return False)</li></ul> </li>  Use the following code for MyAuthenticationModule.vb: Imports System.Net Imports System.Text

Public Class MyAuthenticationModule Implements IAuthenticationModule

Private m_myAuthType As String = &quot;Basic&quot;

Public Function Authenticate(ByVal challenge As String, ByVal request As WebRequest, ByVal credentials As ICredentials) As Authorization Implements IAuthenticationModule.Authenticate

Dim myHttpWebRequest As HttpWebRequest = request Dim myIndex As Integer = challenge.ToLower.IndexOf(m_myAuthType.ToLower)

If (-1 = myIndex) Then Return Nothing 'Basic authentication was not the MyChallenge.

Dim myDomain As String = credentials.GetCredential(request.RequestUri, m_myAuthType).Domain Dim myUserName As String = credentials.GetCredential(request.RequestUri, m_myAuthType).UserName Dim myPassword As String = credentials.GetCredential(request.RequestUri, m_myAuthType).Password

Debug.WriteLine(&quot;Authentication module is invoked for &quot; & myDomain & &quot;\&quot; & myUserName)

Dim myAuthBytes As Byte = Encoding.ASCII.GetBytes(myDomain & &quot;\&quot; & myUserName & &quot;:&quot; & myPassword)

Dim myAuthString As String = System.Convert.ToBase64String(myAuthBytes)

Return New Authorization(m_myAuthType & &quot; &quot; & myAuthString, True, &quot;myAuth&quot;)

End Function

Public ReadOnly Property AuthenticationType As String Implements IAuthenticationModule.AuthenticationType Get Return m_myAuthType End Get End Property

Public ReadOnly Property CanPreAuthenticate As Boolean Implements IAuthenticationModule.CanPreAuthenticate Get Return False End Get End Property

Public Function PreAuthenticate(ByVal request As WebRequest, ByVal credentials As ICredentials) As Authorization Implements IAuthenticationModule.PreAuthenticate Return Nothing End Function End Class </li> Compile the project.</li></ol>

back to the top

Create an Application to Test the Module
<ol> Start Visual Studio .NET.</li> On the File menu, point to Add Project, and then click New Project.</li> In the New Project dialog box, click Visual Basic Projects under Project Type.</li> Under Templates, click Console Application, and then name it AuthModuleTester.</li> Rename the class AuthModuleTester.vb, and then change the class definition to AuthModuleTester.</li>  Use the following code for AuthModuleTester.vb: Imports System.IO Imports System.Net Imports System.Text

Module AuthModuleTester Public Class AuthModuleTester

Public Shared Sub Main(ByVal MyArgs As String)

Dim myRequest As HttpWebRequest = Nothing

Try myRequest = WebRequest.Create(CStr(MyArgs(0)))

Dim myDomain As String = &quot;<Domain>&quot;  'Give the Machine or Domain name Dim myUserName As String = &quot;<User>&quot;    'Give the User name Dim myPassword As String = &quot;<Password>&quot;  'Give the Password

myRequest.Credentials = New NetworkCredential(myUserName, myPassword, myDomain)

Catch ex As Exception Console.WriteLine(&quot;Exception &quot; & ex.Message) End Try

Dim myResponse As HttpWebResponse = Nothing

Try myResponse = CType(myRequest.GetResponse, HttpWebResponse) Catch ex As Exception Console.WriteLine(&quot;Exception &quot; & ex.Message) End Try

Dim myResponseStream As Stream = myResponse.GetResponseStream Dim myOneByte As Integer = -1 Dim myResponseText As New StringBuilder

If (True = myResponseStream.CanRead) Then myOneByte = myResponseStream.ReadByte While (myOneByte <> -1) myResponseText.Append(Convert.ToChar(myOneByte)) myOneByte = myResponseStream.ReadByte End While Else Console.WriteLine(&quot;Unable to read from myResponse stream.&quot;) End If

Console.WriteLine(myResponseText.ToString)

End Sub End Class End Module </li> Update the code in step 6 by using the following active user settings: <ul> Replace <Domain> with your active domain name or computer name.</li> <li>Replace <User> with the active user name on this computer.</li> <li>Replace <Password> with the active user password on this computer.</li></ul> </li> <li>Right-click AuthModuleTester, and then click Properties. The AuthModuleTester Property Pages dialog box appears.</li> <li>In the Startup object box, select AuthModuleTester.AuthModuleTester.</li> <li>Compile the project.</li></ol>

back to the top

Deploy the Module and Configure the System
<ol> <li>Copy the MyAuthenticationModule.dll assembly to the folder where the AuthModuleTester.exe assembly is located.</li> <li>Create a file named AuthModuleTester.exe.config in the same folder.</li> <li> Add the following code to AuthModuleTester.exe.config: <system.net> <authenticationModules> <remove type=&quot;System.Net.BasicClient&quot; /> <add type=&quot;MyAuthenticationModule.MyAuthenticationModule, MyAuthenticationModule&quot; /> </authenticationModules> </system.net> </li></ol>

By using this configuration, you can use your module to authenticate Basic authentication challenges from a Web server. The .NET Framework includes authentication modules that support Basic, NTLM, Kerberos, Negotiate, and Digest authentication. For your module to be called upon for Basic (instead of .NET) authentication, the remove type=&quot;System.Net.BasicClient&quot; / line removes System.Net.BasicClient from the authenticationModules list. Keep this configuration only during the testing of your module.

back to the top

Test the Module
<ol> <li> Create an ASP.NET page named Page1.aspx, and then put it in a Microsoft Internet Information Services (IIS) application. Add the following code to the application: <% Response.Write(&quot;Hello &quot; & Context.User.Identity.Name) %> Note To paste the code in the Visual Studio .NET Editor, click Edit, and then click Paste as HTML. </li> <li>To secure the page by using only Basic authentication, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, point to Programs, point to Administrative tools, and then click Internet Information Services.</li> <li>Expand Web Sites.</li> <li>Locate your ASP.NET application folder, and then click Page1.aspx.</li> <li>Right-click Page1.aspx, and then click Properties.</li> <li>In Properties, click the File Security tab.</li> <li>Under Anonymous access and authentication control, click edit.</li> <li>In the Authentication Methods dialog box, click to select the Basic authentication check box under Authenticated access.</li> <li>Click to clear all other check boxes, and then click OK.</li></ol> </li> <li>Run the AuthModuleTester.exe application at the command line, and then pass the URL as argument. For example:

AuthModuleTester &quot;http:// / /page1.aspx&quot;

You receive the following results:

Hello \

</li></ol>

back to the top

<div class="references_section">