Retrieving if current request is for a resource requiring authentication

Hello all,

We are using Forms Authentication in an application to protect both
sensitive ASP.Net pages and Web services.

This question is relating to Web services and forms authentication,
and I will try to explain the issue by detailing how a client accesses
a secure Web service.

1) The Web service client accesses an unsecured login Web service,
passing in a username and password.
2) If the user is successfully authenticated, the Web service returns
an encrypted Forms Authentication ticket as a string.
3) Secure Web services all sit under a directory secured by Forms
Authentication in the usual manner in the Web.config. Hence
unauthenticated access causes a redirect to Login.aspx and the request
is rejected.
4) To call a secured Web service, the client attaches the
authentication ticket in the Soap header of the Web service proxy, and
then calls the required method on the service.
5) At the server, we use an HTTP handler to intercept the
AuthenticationRequest event. In this handler, we check for Web service
calls (by checking for HTTP_SOAPACTION in the server variables
collection). If it is a Web service call, we check for the ticket in
the SOAP header. If we find it, we decrypt it and use it to attach the
authenticated principal to the User property of the current context.

This is all great, and works as expected. However, the
AuthenticationRequest event fires for all Web service calls - not just
ones to secure Web services... This means that the ticket being
missing in the header may not be an error, it could just be that the
Web service is not secured. Hence, I can't throw a suitable exception
in the handler when I don't find the ticket as I don't know if I was to
expect one or not. This means users of the secure Web services don't
get a useful exception passed back to them explaining that the ticket
was missing. Instead, they get redirected to login.aspx which is
secure but hard to handle at the client.

So, after all this long-winded explanation, my question is....
- How can I test in the AuthenticationRequest event if the current
request is to a page secured by Forms Authentication?
Something like Context.Request.IsPageSecuredByFormsAuthentication
would be nice ;)
For now I am just hacking this by testing if the URL of the request is
in the "secure/" directory.

Thanks for any help,
Regards,
Matt
Nov 18 '05 #1
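
Added example, not part of the original post or the poster's code: a sketch of step 5 as an `IHttpModule` that asks the `<authorization>` rules in Web.config whether an anonymous caller could reach the requested URL, and returns a SOAP fault instead of the login redirect when a ticket is required but unusable. It assumes .NET 2.0 or later (for `UrlAuthorizationModule.CheckUrlAccessForPrincipal`); the module name, the `AuthTicket` header element and its namespace are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Xml;

public class SoapTicketModule : IHttpModule
{
    // Assumed (hypothetical) SOAP header element carrying the encrypted ticket.
    const string TicketName = "AuthTicket", TicketNs = "urn:example:auth";
    const string Fault = "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
        "<soap:Body><soap:Fault><faultcode>soap:Client</faultcode>" +
        "<faultstring>Authentication ticket missing, invalid or expired.</faultstring>" +
        "</soap:Fault></soap:Body></soap:Envelope>";

    public void Init(HttpApplication app) { app.AuthenticateRequest += new EventHandler(OnAuthenticate); }
    public void Dispose() { }

    static void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.Request.ServerVariables["HTTP_SOAPACTION"] == null) return; // not a SOAP call

        FormsAuthenticationTicket ticket = ReadTicket(ctx.Request);
        if (ticket != null && !ticket.Expired)
        {
            ctx.User = new GenericPrincipal(new FormsIdentity(ticket), new string[0]);
            return;
        }
        // No usable ticket: would the <authorization> rules admit an anonymous caller?
        IPrincipal anon = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(
                ctx.Request.Path, anon, ctx.Request.HttpMethod)) return; // unsecured service

        ctx.Response.StatusCode = 500;             // SOAP 1.1 carries faults on HTTP 500
        ctx.Response.ContentType = "text/xml";
        ctx.Response.Write(Fault);
        ctx.ApplicationInstance.CompleteRequest(); // jump to EndRequest; status is not 401
    }

    static FormsAuthenticationTicket ReadTicket(HttpRequest request)
    {
        try
        {
            XmlDocument doc = new XmlDocument();
            doc.XmlResolver = null;                // never fetch external DTDs or entities
            doc.Load(request.InputStream);
            XmlNodeList hits = doc.GetElementsByTagName(TicketName, TicketNs);
            return hits.Count == 1 ? FormsAuthentication.Decrypt(hits[0].InnerText.Trim()) : null;
        }
        catch (Exception) { return null; }         // malformed XML or tampered ticket
        finally { request.InputStream.Position = 0; } // rewind for the ASMX handler
    }
}
```

Because the decision comes from the same `<authorization>` rules that protect the directory, the check follows Web.config if services move, unlike a hard-coded "secure/" path test.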