How to integrate custom security policy into Windows domain authentication


ASP.NET's built-in Windows domain authentication is often not sufficient on its own. For example, we often need to combine Windows domain authentication with information from a database. Here is my example, which shows how to do this in ASP.NET.

Configure IIS 6.0 to support our custom Windows domain authentication.
  1. Open IIS and right-click our website.
  2. Click the "Properties" menu item to open the "Properties" window.
  3. Select the "Directory Security" tab.
  4. Click the "Edit..." button to open the "Authentication Methods" window.
  5. Clear "Enable anonymous access".
  6. Check the "Integrated Windows Authentication" box.
  7. Click the "OK" button to close all opened windows.
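
Write the following code.

C# code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;
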
public class MyAuthenticationModule : IHttpModule
{
    public void Dispose() { }

    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += delegate
        {
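            // Guard against a missing principal before reading its identity.
            IPrincipal user = HttpContext.Current.User;
            IIdentity identity = user == null ? null : user.Identity;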

            if (identity == null || !identity.IsAuthenticated)
                return;

            string userName = GetUserName(identity.Name);

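            // Authenticated by Windows but unknown to our own user store: drop the
            // principal so the request is treated as unauthenticated and the
            // <deny users="?"/> rule in web.config applies.
            if (!IsValidUser(userName))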
            {
                HttpContext.Current.User = null;
                return;
            }

            IEnumerable<MyRole> roles = GetRoles(userName);
            MyIdentity myIdentity = new MyIdentity(userName, roles);
            MyPrincipal myPrincipal = new MyPrincipal(myIdentity);

            HttpContext.Current.User = myPrincipal;
        };
    }

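    // Turns "DOMAIN\user" into "user". When there is no separator, IndexOf returns -1
    // and the whole name is kept. Accounts with the same name in different domains
    // map to the same user name here.
    private static string GetUserName(string fullName)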
    {
        int separatorIndex = fullName.IndexOf('\\');
        return fullName.Substring(separatorIndex + 1);
    }

    private static bool IsValidUser(string userName)
    {
        // Replace following code with validation from database
        return false;
    }

    private static IEnumerable<MyRole> GetRoles(string userName)
    {
        // Replace here with your custom code. For example, get from database etc.
        return null;
    }
}

[Serializable]
public class MyIdentity : IIdentity
{
    private readonly List<MyRole> roles = new List<MyRole>();

    public MyIdentity(string name, IEnumerable<MyRole> roles)
    {
        if (string.IsNullOrEmpty(name)) throw new ArgumentNullException("name");

        this.Name = name;
        if (roles != null)
            this.roles.AddRange(roles);
    }

    public string AuthenticationType
    {
        get { return "My Authentication Type"; }
    }

    public bool IsAuthenticated
    {
        get { return true; }
    }

    public string Name { get; private set; }

    public IList<MyRole> Roles
    {
        get { return this.roles; }
    }

    // add your custom code here
}

[Serializable]
public class MyPrincipal : IPrincipal
{
    private readonly MyIdentity identity;

    public MyPrincipal(MyIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");

        this.identity = identity;
    }

    public IIdentity Identity
    {
        get { return this.identity; }
    }

    public bool IsInRole(string role)
    {
        if (string.IsNullOrEmpty(role)) throw new ArgumentNullException("role");

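        // Ordinal comparison keeps role matching independent of the server's culture settings.
        return this.identity.Roles.Any(myRole => string.Equals(myRole.Name, role, StringComparison.OrdinalIgnoreCase));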
    }

    // add your custom code here
}

[Serializable]
public class MyRole
{
    public MyRole(string name)
    {
        if (string.IsNullOrEmpty(name)) throw new ArgumentNullException("name");

        this.Name = name;
    }

    public string Name { get; private set; }

    // add your custom code here
}

Configure web.config.

Web.config
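<configuration>
  <system.web>
    <authentication mode="Windows"/>
    <authorization>
      <!-- "?" is the anonymous user: requests the module left unauthenticated are rejected. -->
      <deny users="?"/>
      <allow users="*"/>
    </authorization>
    <httpModules>
      <add name="MyAuthenticationModule" type="MyAuthenticationModule"/>
    </httpModules>
  </system.web>
</configuration>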
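
One way to fill in the IsValidUser and GetRoles placeholders of the module from a database, shown as an added example that is not part of the original article. The class name MyUserStore, the Users and UserRoles tables with their columns, and the "MyAuthDb" connection string name are assumptions; MyRole is the class defined above.

```csharp
// Added example (hypothetical schema): Users(UserName NVARCHAR(256) UNIQUE, IsEnabled BIT),
// UserRoles(UserName NVARCHAR(256), RoleName NVARCHAR(256) NOT NULL); connection string "MyAuthDb".
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class MyUserStore
{
    private static readonly string ConnectionString =
        ConfigurationManager.ConnectionStrings["MyAuthDb"].ConnectionString;

    // True only when exactly one enabled account matches; any database failure denies access.
    public static bool IsValidUser(string userName)
    {
        if (string.IsNullOrEmpty(userName)) return false;
        try
        {
            using (SqlConnection connection = new SqlConnection(ConnectionString))
            using (SqlCommand command = new SqlCommand(
                "SELECT COUNT(*) FROM Users WHERE UserName = @userName AND IsEnabled = 1", connection))
            {
                // Parameterized: the user name is never concatenated into the SQL text.
                command.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userName;
                connection.Open();
                return (int)command.ExecuteScalar() == 1;
            }
        }
        catch (SqlException)
        {
            return false; // fail closed when the database cannot be queried
        }
    }

    // Errors are not swallowed here: a user must never continue with a partial role list.
    public static IEnumerable<MyRole> GetRoles(string userName)
    {
        List<MyRole> roles = new List<MyRole>();
        using (SqlConnection connection = new SqlConnection(ConnectionString))
        using (SqlCommand command = new SqlCommand(
            "SELECT RoleName FROM UserRoles WHERE UserName = @userName", connection))
        {
            command.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userName;
            connection.Open();
            using (SqlDataReader reader = command.ExecuteReader())
                while (reader.Read())
                    roles.Add(new MyRole(reader.GetString(0)));
        }
        return roles;
    }
}
```

The module's private IsValidUser and GetRoles methods can simply return MyUserStore.IsValidUser(userName) and MyUserStore.GetRoles(userName).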
