473,378 Members | 1,496 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,378 software developers and data experts.

Retrieving if current request is for a resource requiring authentication

Hello all,

We are using Forms Authentication in an application to protect both
sensitive ASP.Net pages and Web services.

This question is relating to Web services and forms authentication,
and I will try to explain the issue by detailing how a client accesses
a secure Web service.

1) The Web service client accesses an unsecured login Web service,
passing in a username and password.
2) If the user is successfully authenticated, the Web service returns
an encrypted Forms Authentication ticket as a string.
3) Secure Web services all sit under a directory secured by Forms
Authentication in the usual manner in the Web.config. Hence
unathenticated access causes a redirect to Login.aspx and the request
is rejected.
4) To call a secured Web service, the client attaches the
authentication ticket in the Soap header of the Web service proxy, and
then calls the required method on the service
5) At the server, we user an HTTP handler to intercept the
AuthenticationRequest event. In this handler, we check for Web service
calls (by checking for HTTP_SOAPACTION in the server variables
collection). If it is a Web service call, we check for the ticket in
the SOAP header. If we find it, we decrypt it and use it to attach the
authenticated principal to the User property of the current context.

This is all great, and works as expected. However, the
AuthenticationRequest event fires for all Web service calls - not just
ones to secure Web services... This means that the ticket being
missing in the header may not be an error, it could just be that the
Web service is not secured. Hence, I cant throw a suitable exception
in the handler when I dont find the ticket as I dont know if I was to
expect one or not. This means users of the secure Web services dont
get a useful exception passed back to them explaining that the ticket
was missing. Instead, they get redirected to login.aspx which is
secure but hard to handle at the client.

So, after all this long winded explanation, my question is....
- How can I test in the AuthenticationRequest event if the current
request is to a page secured by Forms Authentication?
Something like Context.Request.IsPageSecuredByFormsAuthentication
would be nice ;)
For now I am just hacking this by testing if the URL of the request is
in the "secure/" directory.

Thanks for any help,
Nov 18 '05 #1
0 1119

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Jason \(MFT1\) | last post by:
I'm using cookieless sessions and forms authentication for a website which only has light activity. I am using the authentication to protect only certain folders and all that works just fine....
by: Dan Bart | last post by:
I am using an application which is a modification of IBuySpy Portal. It is using Forms authentication. Users login and their name is added to Context Then I use: ...
by: Rafa® | last post by:
I am developing an Class Library, that is intended to have some classes and methods for Web Interfaces This way, I wrote my authentication system in this DLL. It would write the security ticket in a...
by: Tiraman | last post by:
Hi, in vb6 we could use the GetObjectContext("Request") of the ASPTypeLibrary.Request in order to get the ServerVariables("XXX") from the asp to the dll . can we do that in aspx and vb dot...
by: Sakke | last post by:
Hello! We have written a GCryptoSvr.dll COM server in C++. Inside that resides WebClient COM component. WebClient CLSID is {8DC27D48-F94C-434B-A509-C3E1A3E75B9E}. When we are using that...
by: jimmyfo | last post by:
Hi, I recently wrote an ASP.Net web application in VS2005 and published (using VS2005 Publish feature) it to a relatively clean machine with ASP.Net 2.0 and MDAC 2.8 installed on it. However, when...
by: Doogie | last post by:
Hi, I am using HttpContext.Current.User.Identity.Name to get a user id from a web application. I then use that as part of a name of a cookie I'm writing. 30 minutes later I do a refresh of this...
by: dgilbert | last post by:
I have a custom membership provider that I am using to authenticate users in a WCF web service hosted IIS. I want to be able to see any cookies that come across and save session variables, but I...
by: Madhur | last post by:
Hello I am delivering an asp.net 2.0 application to my customer. I need to know, If I need to check for the condition of HttpContext.Current to be null in my business logic. I have extensively...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.