I have the following problem: I accessed some files hosted under IIS using an asp.net page I want to protect The page will be used with another application:
var request = WebRequest.Create ("www.smth.com/protectData.aspx") as HttpWebRequest; request. Certification = New Network Credentials ("John Doe", "John"); request. Authentic = true; Var response = request GetResponse ();
How to read the credentials sent to the page (protectData.aspx)?
I have a code to validate credentials ... I have tried to implement custom membership, but HttpContext.Current.User
is zero ASPX page web application Hosted in a certified WCF service with a custom policy that hosts:
system.serviceModel>
serviceAuthorization principalPermissionMode = "custom"
Authorization Policies
add policy = "custom policy. Custom policy, custom policy" />
authorization policies - system .serviceModel
I do not have any security for aspiration pages now, basically I want to get the credentials from the request and validate them to use the existing code.
Any help is appreciated, Adrian
There are two options to use HTTP transport authentication or form based authentication.
For Transport Authentication, you need to setup IIS to protect the resources that the client tries to access. This resource can be your file or ASPX page. The ASPX page will then be able to read the HTTPCTEx.Current.User Variable, and will be able to decide that the user can access that resource.
For Form Based Ath, IIS does not have to certify the request. Instead, you post a form for a webform that can see the username / password in the request and decide if access is allowed or not.
Posting a variety of ATH (FBA) forms on the basis of the POST body can be username / password, read that ASPX page, decode and decide whether access is permitted or No.
No comments:
Post a Comment