Probably.
If you look in the machine.config file, IIS is configured security
mechanisms that are programmed as HttpModule components.
<httpModules>
<add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
<add name="WindowsAuthentication"
type="System.Web.Security.WindowsAuthenticationMod ule"/>
<add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModul e"/>
<add name="PassportAuthentication"
type="System.Web.Security.PassportAuthenticationMo dule"/>
<add name="UrlAuthorization"
type="System.Web.Security.UrlAuthorizationModule"/>
<add name="FileAuthorization"
type="System.Web.Security.FileAuthorizationModule"/>
<add name="ErrorHandlerModule"
type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</httpModules>
So if you can figure out how these work, you should be able to write your
own.
<ol**********@zurich.ch> wrote in message
news:3f********@news.zurich-datacenter.com...
I'm wondering if it is possible in .NET to plug-in a custom authentication
& authorization mechanism. So, that IIS applications and Webservice would
be authenticated against this custom authentication & authorization
implementation. This implementation would authenticate a user with a
password and deliver the roles of this user in this application
(configurable application id).
Thanks a lot for your hints!
Oliver