Custom Authentication and OnAuthenticateRequest

[Patrick Long]

OnAuthenticateRequest seems to be the ideal place to put custom code to to
authentication checks which are not handled by the outofthe box Windows,
Passport and Forms types.

I have seems plently of web pages say use this event but the extent of the
sample code is "put stuff here". Do i have to construct my own User object
in this event that inherits from IPrincipal? Then set the User property of
th application object to this IPrincipal?

TIA

Pat Long

[Duray AKAR]

Patrick

I dont think that you would really need it.
Please indicate what you want to do more clearly.

Here is some information:

If you want to use custom authentication scheme, you need a lot of work.

Search for "Handling Authentication" in VisualStudio or .Net documentation.
You can find the details in "help://MS.VSCC/MS.MSDNVS/WinInet/workshop/networking/wininet/overview/authentication.htm"
if you have the help installed.

Prior to use a custom authentication, you need to develop a custom HTTPAuthentication
Handler, register it and then use it. Then you need a custom User too...

But this is much advanced and complex. If this is what you want to do

Win32 supports 6 types of authentication schemes for HTTP requests.

And I think they are sufficient enough.

What do you want to do exactly ?
I mean what type of checks will you perform ?

Because authentication is verification of creditentials and nothing else.
And you can verify it from any type of resource you want. Custom database,
xml file, windows authentication, or you can use a custom component to verify
it against whatever you like.

Most probobly you want to make some checks about "Authorization", not "Authentication".
These two are usually confusing-to-seperate concepts.

You can find information on "Authorization" at :
"help://MS.VSCC/MS.MSDNVS/vsent7/html/vxconAuthorization.htm" or search for
it on msdn.microsoft.com.

And if you want to use a custom authorization method, you can generate a
generic principal object. It says:

"You can create an object from the GenericPrincipal Class based on your own
custom roles. Use this when you have your own user/role database. You can
populate the principal object in the OnAuthenticate event. You can have a
custom table mapped to Windows accounts that you access in this event. Using
that information, you can create a custom principal object for the authenticated
user. For returning authenticated users, you can use a cookie to recreate
the principal object. For more information, see Creating GenericPrincipal
and GenericIdentity Objects."


For details pls check "help://MS.VSCC/MS.MSDNVS/cpguide/html/cpconcreatinggenericprincipalgenericidentityobjects.htm"


Please give an idea about what are yu trying to accomplish. I would be glad
to help if I can.

Have fun,

Duray AKAR

"My grandfather once told me that
there are two kinds of people:
those who work
and those who take the credit.
He told me to try to be in the first group,
there was less competition there"
(Gandhi)







"Patrick Long" <Patrick_long@csi.com> wrote:
>OnAuthenticateRequest seems to be the ideal place to put custom code to
to
>authentication checks which are not handled by the outofthe box Windows,
>Passport and Forms types.
>
>I have seems plently of web pages say use this event but the extent of the
>sample code is "put stuff here". Do i have to construct my own User object
>in this event that inherits from IPrincipal? Then set the User property
of
>th application object to this IPrincipal?
>
>TIA
>
>Pat Long
>
>
>