Re: implementing authentication & authorization using custom HTTPModule

From: mallik (pls-reply_at_group.com)
Date: 09/17/04

• Next message: DotNetJunkies User: "RE: UAB on compact Framework?"
• Previous message: Paul Czywczynski: "Re: Re: Real-time notification in ASP.NET"
• In reply to: Scott: "Re: implementing authentication & authorization using custom HTTPModule"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 16 Sep 2004 20:18:10 -0700

Scott, Thanks for the reply.

Since the user is authenticated & authorized during the initial load(page_load), I think it's kind of redundant to Authenticate & Authorize during postbacks.

And a small correction to my original post. It should have read 'AuthenticateRequest' and 'AuthorizeRequest' (instead of OnAuthorize & OnAuthenticate).

Thank you,

  "Scott" <no_email_at_all> wrote in message news:ehTb51qmEHA.1172@TK2MSFTNGP10.phx.gbl...
  Why would you not want to authenticate and authorize postbacks? A postback is just a page request just like any other. Just curious.

  Scott L.
    "mallik" <pls-reply@group.com> wrote in message news:us68kZOmEHA.3156@TK2MSFTNGP12.phx.gbl...
    I am trying to implement Authentication and Authorization using a custom HTTPModule.

    Scenario :
    A simple asp.net application(uses 'integrated windows authentication'). I need to capture the user credentials(windows) and based upon the user roles(in the sqlserver database), either allow or deny the requested page(url).

    Instead of doing this 'authorization' on each and every page(in Page_Load only during initial load not during the postbacks), I am trying to intercept the user requests in a custom HttpModule using 'OnAuthenticate' & 'OnAuthorize' events.

    Problem :
    Everything seems to be working fine... except that 'OnAuthenticate' & 'OnAuthorize' are called both during the initial Page_Load and also during PostBack. I don't want to unnecessarily Authenticate & Authorize during page Postbacks.
    Is there any way to restrict this in HttpModule ?

    Hope this is clear & appreciate any suggestions/comments.

    Thank you,

---

• Next message: DotNetJunkies User: "RE: UAB on compact Framework?"
• Previous message: Paul Czywczynski: "Re: Re: Real-time notification in ASP.NET"
• In reply to: Scott: "Re: implementing authentication & authorization using custom HTTPModule"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages OT: Problems with radiusd and EAP-PEAP ... I keep trying in order to radius authenticate and authorize users from XP. ... Module: Loaded eap ... leaving group authorize for request 0 ... (Debian-User) OT:Problems with radiusd and EAP-PEAP ... I keep trying in order to radius authenticate and authorize users ... Module: Loaded eap ... leaving group authorize for request 0 ... (Ubuntu) Re: ActiveDirectoryMembershipProvider - IsInRole problem ... That's amazing that you can authenticate but not authorize from AD - sort of ... Dominick Baier - DevelopMentor ... populated from AD...thats why IsInRole fails. ... (microsoft.public.dotnet.framework.aspnet.security) Application identifier ... I'm using WS-Security to authenticate and authorize the users of my ... Prev by Date: ... (microsoft.public.dotnet.framework.webservices.enhancements) Re: LDAP Security ... You have to authenticate to gain access to AD. ... >> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA ... >>> Doesn't anybody see that this is a security problem? ... >>> Scott ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.distributed_apps  > 2004-09