Microsoft KB Archive/318786

= HOW TO: Create An IAuthenticationModule by Using Visual C# .NET =

Article ID: 318786

Article Last Modified on 7/11/2005

-

APPLIES TO


 * Microsoft ASP.NET 1.0
 * Microsoft Visual C# .NET 2002 Standard Edition
 * Microsoft ASP.NET 1.1
 * Microsoft Visual C# .NET 2003 Standard Edition

-



This article was previously published under Q318786



IN THIS TASK

 * Implement the IAuthenticationModule Interface
 * Create an Application to Test the Module
 * Deploy the Module and Configure the System
 * Test the Module



SUMMARY
This step-by-step article demonstrates how to use Visual C# .NET to create an implementation of an IAuthenticationModule that performs Basic authentication. This article demonstrates how to create, deploy, configure, and test the authentication module.

An authentication module is a component that a client uses to perform authenticaton with the server. Applications that use WebResponse class rely on the authentication module.

back to the top

Implement the IAuthenticationModule Interface
 Open Microsoft Visual Studio .NET. In Visual C# .NET, create a new Class Library project named MyAuthenticationModule.  Add the following directives to the class: using System.Net; using System.Text;  Rename the class to MyAuthenticationModule.cs, and then change the class definition to reflect this change.  Implement the IAuthenticationModule interface. Your class definition should appear as follows: public class MyAuthenticationModule : IAuthenticationModule  From the IAuthenticationModule interface, implement the following (with these returns, to keep it simple):  The Authenticate method The PreAuthenticate property (return Null)</li> The AuthenticationType property</li> The CanPreAuthenticate property (return False)</li></ul> </li>  Code for MyAuthenticationModule.cs using System; using System.Net; using System.Text;

namespace MyAuthenticationModule { public class MyAuthenticationModule : IAuthenticationModule {   private string _authType = &quot;Basic&quot;;

public Authorization Authenticate(String challenge, WebRequest request, ICredentials credentials) {     HttpWebRequest httpWebRequest = request as HttpWebRequest; int index = challenge.ToLower.IndexOf(_authType.ToLower); if(-1 == index)//Basic authetication was not the challenge. {return null;}

String domain = credentials.GetCredential(request.RequestUri, _authType).Domain; String username = credentials.GetCredential(request.RequestUri, _authType).UserName; String password = credentials.GetCredential(request.RequestUri, _authType).Password;

byte[] authBytes = System.Text.Encoding.ASCII.GetBytes(domain + &quot;\\&quot; + username + &quot;:&quot; + password); String authString = Convert.ToBase64String(authBytes);

return new Authorization(_authType + &quot; &quot; + authString, true, &quot;myAuth&quot;); }

public Authorization PreAuthenticate(WebRequest request, ICredentials credentials) {return null;}

public String AuthenticationType {get{return _authType;}}

public bool CanPreAuthenticate {get{return false;}} } }                   </li> Compile the project.</li></ol>

back to the top

Create an Application to Test the Module
<ol> In Visual Studio .NET, on the File menu, click Add Project, and then click New Project.</li> In the New Project dialog box, click Console Application project under Project Type, and then name it AuthModuleTester.</li>  Add the following directives to the class: using System.IO; using System.Net; using System.Text; </li> Rename the class to AuthModuleTester.cs, and then change the class definition to reflect this.</li>  Code for AuthModuleTester.cs: using System; using System.IO; using System.Net; using System.Text;

namespace AuthModuleTester { class AuthModuleTester {   static void Main(string[] args) {     HttpWebRequest request = null; try {       request = WebRequest.Create(args[0]) as HttpWebRequest; String domain = &quot; &quot;; String username = &quot; &quot;; String password = &quot; &quot;; request.Credentials = new NetworkCredential(username, password, domain); }     catch(Exception ex) {       Console.WriteLine(&quot;Exception &quot; + ex.Message); return; }

HttpWebResponse response = null;

try {       response = request.GetResponse as HttpWebResponse; }     catch(Exception ex) {       Console.WriteLine(&quot;Exception &quot; + ex.Message); return; }

Stream responseStream = response.GetResponseStream; int oneByte = -1;

StringBuilder responseText = new StringBuilder; if(true == responseStream.CanRead) {       while(-1 != (oneByte = responseStream.ReadByte)) {         responseText.Append((char)oneByte); }     }      else {       Console.WriteLine(&quot;Unable to read from response stream.&quot;); return; }

Console.WriteLine(responseText.ToString); }        } }                    </li> Compile the project.</li></ol>

back to the top

Deploy the Module and Configure the System
<ol> Copy the MyAuthenticationModule.dll assembly to the directory where the AuthModuleTester.exe assembly is located.</li> Create a file named AuthModuleTester.exe.config in the same directory.</li>  Add the following code to AuthModuleTester.exe.config: <system.net> <authenticationModules> <remove type=&quot;System.Net.BasicClient&quot; /> <add type=&quot;MyAuthenticationModule.MyAuthenticationModule, MyAuthenticationModule&quot; /> </authenticationModules> </system.net> With this configuration, your module can be used to authenticate Basic authentication challenges from a Web server. The .NET Framework includes authentication modules that support Basic, NTLM, Kerberos, Negotiate, and Digest authentication. In order for your module to be called upon for Basic (instead of .NET) authentication, the  line removes System.Net.BasicClient from the   list. Keep this configuration only during the testing of your module. </li></ol>

back to the top

Test the Module
<ol>  Create an ASP.NET page named Page1.aspx, and then put it in an IIS application with the following code: <% Response.Write(&quot;Hello &quot; + Context.User.Identity.Name); %> </li> Secure the page with only Basic authentication.</li> <li>Run the AuthModuleTester.exe application at the command line, and then pass in the URL to Page1.aspx.</li> <li>If the active debugger window is present, you will see a string generated by the authentication module.</li></ol>

You can expect to receive the following results: Hello \ back to the top

Keywords: kbhowtomaster kbsecurity KB318786

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.