HTTP Authentication in .NET

Question

HTTP Authentication in .NET

Is it possible to create the .NET equivalent of the following code?

<?php if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>"; } ?>

I would also like to be able to define a static user / password in the web.config file. This is very easy to do in PHP, I have not seen anything explaining how to do this in MSDN.

All I want is:

/img/236f5c55804ac61ae73f99fdc32ff04c.png

+4

http authentication .net

Akira Sep 29 '08 at 15:54

source share

6 answers

Vvs · Answer 1 · 2008-09-29T16:28:14+0000

The easiest way to achieve the same as with the PHP code is to directly send the same headers via Reponse.AppendHeader () .

However, I suggest you read the ASP.NET Form Validation Tutorial .

Andrei Rînea · Answer 2 · 2008-09-29T19:23:13+0000

You need to implement basic authentication in ASP.NET, and not for forms authentication, as described above. A good example can be found here .

mattlant · Answer 3 · 2008-09-29T15:58:17+0000

Yes, you can add to web.config and use forms authentication. I do not know php, so I can not help in solving the rest of your question.

http://msdn.microsoft.com/en-us/library/aa720092(VS.71).aspx \

palmsey · Answer 4 · 2008-09-29T16:05:19+0000

Yes, you can specify the credentials in the web.config file. ASP.NET also has an integrated membership system and has controls such as Login to work with it, although this is different from setting static credentials in web.config.

I think the easiest way to do what you say is to protect the directory in IIS.

mattlant · Answer 5 · 2008-09-29T16:06:54+0000

Typically, my own authentication is asp.net against my own username and password in the database. For how I do this, I create a username and password dialog on the page and have a login button. During postback, I do something like:

 if(SecurityHelper.LoginUser(txtUsername.Text, txtPassword.Text)) { FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, true); }

Do with it all that you need to do is the same, check the username and password for what you want, you can even do it hard, if you want to buy, I would not recommend it. \ If in its actual action are used static methods of the formsauthentication class.

mattlant · Answer 6 · 2008-09-29T16:20:07+0000

I am afraid that I cannot help you. I don’t know how to get such a dialogue, besides using another security setting in IIS, such as integrated security (Windows security). If this is all you need, you need to go to IIS and disable anonymous access, enable another type of authorization, such as built-in, basic, and in your code you can verify that they are logged in by checking:

 System.Security.Principal.WindowsIdentity.GetCurrent().IsAuthenticated

Although IIS will take care of the verification in this case. Other than that, I cannot help you.

If you need it, link to windows auth in asp.net: http://msdn.microsoft.com/en-us/library/ms998358.aspx

HTTP Authentication in .NET

More articles: