.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
How to handle all extensions
Messages   Related Types
This message was discovered on ASPFriends.com 'aspnghttphandlers' list.


Fredriksen Roar
I'd like to make my httphandler customize the processing of all requests
within a folder. The only way I found was to make the folder an
application in IIS and to let the aspnet_isapi.dll handle the .*
extension. (Removing all other isapi extensions)

This makes me lose my session content when redirected from the
application above.

Anyone knows if this could be done without losing session content? It's
important that all file extensions are handled by my own httphandler,
even .aspx, .cs and .htm
Reply to this message...
 
    
Michel Comeau
This is also something that i am looking for,

Except that i dont know how to return the "Require Login" or "Authentication
Failed" from the HttpModule.

Anyone have an example to show me ? I understand very easily so all i need
is a hint or a very simple example.

Thank You !
Michel C.
*c# programmer.
*webmaster
*.NET lover

-----Original Message-----
From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
Sent: Wednesday, October 10, 2001 10:43 PM
To: aspnghttphandlers
Subject: [aspnghttphandlers] How to handle all extensions

I'd like to make my httphandler customize the processing of all requests
within a folder. The only way I found was to make the folder an application
in IIS and to let the aspnet_isapi.dll handle the * extension. (Removing all
other isapi extensions)

This makes me lose my session content when redirected from the application
above.

Anyone knows if this could be done without losing session content? It's
important that all file extensions are handled by my own httphandler, even
.aspx, .cs and .htm
Reply to this message...
 
    
Fredriksen Roar
Not to familiar with such codes, but I think setting the
Response.StatusCode would do it. (401 should promt user for
authntication, 403 should respond Unauthorized)

Regarding my problem described below, this was discussed on usenet and
the solution can be seen here:
http://www.developersdex.com/asp/message.asp?p16&r 97084
<http://www.developersdex.com/asp/message.asp?p&#11;16&r 97084>

(The discussion spans several pages, but the last input describes both
the core problem and the solution)

Regards,
Roar

From:     Michel Comeau <mailto:Click here to reveal e-mail address> (17. okt. 2001
23:22)    
To:     aspnghttphandlers <mailto:Click here to reveal e-mail address>     
Subject:     [aspnghttphandlers] RE: How to handle all extensions    
    

This is also something that i am looking for,

Except that i dont know how to return the "Require Login" or
"Authentication
Failed" from the HttpModule.

Anyone have an example to show me ? I understand very easily so all i
need
is a hint or a very simple example.

Thank You !
Michel C.
*c# programmer.
*webmaster
*.NET lover

-----Original Message-----
From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
Sent: Wednesday, October 10, 2001 10:43 PM
To: aspnghttphandlers
Subject: [aspnghttphandlers] How to handle all extensions

I'd like to make my httphandler customize the processing of all requests
within a folder. The only way I found was to make the folder an
application
in IIS and to let the aspnet_isapi.dll handle the * extension. (Removing
all
other isapi extensions)

This makes me lose my session content when redirected from the
application
above.

Anyone knows if this could be done without losing session content? It's
important that all file extensions are handled by my own httphandler,
even
aspx, .cs and .htm

| [aspnghttphandlers] member Click here to reveal e-mail address &# Y;OUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp &# J;OIN/QUIT
| http://www.asplists.com/search &# S;EARCH Archives
Reply to this message...
 
    
Michel Comeau
Ok, i'm all confused here,

I read the thread you suggested and its very good, but the part that amazes
me is the authentication part.

I figured i should make a HttpModule and handle AuthenticateRequest and do
my validation at that level, but i'm not sure how to handle the way i will
prevent the page from displaying, send a prompt request to the
username/password then, validate both of these (using an MsAccess or SQL
server database). I can manage with the code to lookup the name in the
database and such. But i'm not yet sure where i'll put it :)

Has anyone done that ?

I'm basicly trying to have things handled somewhat like Authentix does, but
this is only for our own site. The goal here is to simply centrally
authenticate access to any file (mostly .htm, .aspx, .ascx, .zip, .gif and
.jpg) under the members section of the site.

If you need more details i can provide them, but i think this should be a
good start.
Michel C.
*c# programmer.
*webmaster
*.NET lover

-----Original Message-----
From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
Sent: Wednesday, October 17, 2001 6:03 PM
To: aspnghttphandlers
Subject: [aspnghttphandlers] RE: How to handle all extensions

Not to familiar with such codes, but I think setting the
Response.StatusCode would do it. (401 should promt user for authntication,
403 should respond Unauthorized)

Regarding my problem described below, this was discussed on usenet and the
solution can be seen here:
http://www.developersdex.com/asp/message.asp?p&#11;16&r 97084

(The discussion spans several pages, but the last input describes both the
core problem and the solution)

Regards,
Roar

From: Michel Comeau (17. okt. 2001 23:22)
To: aspnghttphandlers
Subject: [aspnghttphandlers] RE: How to handle all extensions

This is also something that i am looking for,

Except that i dont know how to return the "Require Login" or
"Authentication
Failed" from the HttpModule.

Anyone have an example to show me ? I understand very easily so all i need
is a hint or a very simple example.

Thank You !
Michel C.
*c# programmer.
*webmaster
*.NET lover

-----Original Message-----
From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
Sent: Wednesday, October 10, 2001 10:43 PM
To: aspnghttphandlers
Subject: [aspnghttphandlers] How to handle all extensions

I'd like to make my httphandler customize the processing of all requests
within a folder. The only way I found was to make the folder an
application
in IIS and to let the aspnet_isapi.dll handle the * extension. (Removing
all
other isapi extensions)

This makes me lose my session content when redirected from the application
above.

Anyone knows if this could be done without losing session content? It's
important that all file extensions are handled by my own httphandler, even
.aspx, .cs and .htm

| [aspnghttphandlers] member Click here to reveal e-mail address &# Y;OUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp &# J;OIN/QUIT
| http://www.asplists.com/search &# S;EARCH Archives
| [aspnghttphandlers] member Click here to reveal e-mail address &# Y;OUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp &# J;OIN/QUIT
| http://www.asplists.com/search &# S;EARCH Archives
Reply to this message...
 
    
Fredriksen Roar
Hi Michel,

In my application, I'm using a standard input form with
username/password fields and storing these values in session after
authentication with values in my SQL database.

I looked into MSDN to find what the AuthenticateRequest event you
mentioned really is. What I found was that a AuthenticationManager
should call Authenticate on all registered Authetication modules when
authorizing. Seems to me you can create your own class, inherit
IAuthenticationModule and register it in the web.config file as a
HttpModule. As I understood, you could then write your own code to
handle the Authenticate and the PreAuthenticate events.

On the other hand, according to this article:
http://support.microsoft.com/support/kb/articles/Q307/9/96.ASP, you
could also create a class inherited from IHttpModule and subscribe the
AuthenticateRequest event of the HttpApplication class. The code needed
is supplied in the article, but for the BeginRequest event. However, I
never found where to get the password from, and I'm not quiet sure I
understood how you'd like your users to enter the credientials. It's
real simple to show the built-in username/password box in IE by setting
the Response.StatusCode to 401, but I could not get my hands on the
password on the server afterwards.

I'm sorry to give up at this point, and to not be any more help to you.
If you find the solution for this problem, I'd be more than glad to hear
about it.

Best regards,

Roar Fredriksen

From:     Michel Comeau <mailto:Click here to reveal e-mail address> (18. okt. 2001
22:55)    
To:     aspnghttphandlers <mailto:Click here to reveal e-mail address>     
Subject:     [aspnghttphandlers] RE: How to handle all extensions    
    

Ok, i'm all confused here,

I read the thread you suggested and its very good, but the part that
amazes me is the authentication part.

I figured i should make a HttpModule and handle AuthenticateRequest and
do my validation at that level, but i'm not sure how to handle the way i
will prevent the page from displaying, send a prompt request to the
username/password then, validate both of these (using an MsAccess or SQL
server database). I can manage with the code to lookup the name in the
database and such. But i'm not yet sure where i'll put it :)

Has anyone done that ?

I'm basicly trying to have things handled somewhat like Authentix does,
but this is only for our own site. The goal here is to simply centrally
authenticate access to any file (mostly .htm, .aspx, .ascx, .zip, .gif
and .jpg) under the members section of the site.

If you need more details i can provide them, but i think this should be
a good start.
Michel C.
*c# programmer.
*webmaster
*.NET lover

    -----Original Message-----
    From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
    Sent: Wednesday, October 17, 2001 6:03 PM
    To: aspnghttphandlers
    Subject: [aspnghttphandlers] RE: How to handle all extensions
    
    
    Not to familiar with such codes, but I think setting the
Response.StatusCode would do it. (401 should promt user for
authntication, 403 should respond Unauthorized)
    
    Regarding my problem described below, this was discussed on
usenet and the solution can be seen here:
    http://www.developersdex.com/asp/message.asp?p=1116&r=1097084
<http://www.developersdex.com/asp/message.asp?p=1116&r=1097084>
    
    (The discussion spans several pages, but the last input
describes both the core problem and the solution)
    
    Regards,
    Roar
    
    
From:     Michel Comeau <mailto:Click here to reveal e-mail address> (17. okt. 2001
23:22)    
To:     aspnghttphandlers <mailto:Click here to reveal e-mail address>     
Subject:     [aspnghttphandlers] RE: How to handle all extensions    
    

    This is also something that i am looking for,
    
    Except that i dont know how to return the "Require Login" or
"Authentication
    Failed" from the HttpModule.
    
    Anyone have an example to show me ? I understand very easily so
all i need
    is a hint or a very simple example.
    
    Thank You !
    Michel C.
    *c# programmer.
    *webmaster
    *.NET lover
    
    -----Original Message-----
    From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
    Sent: Wednesday, October 10, 2001 10:43 PM
    To: aspnghttphandlers
    Subject: [aspnghttphandlers] How to handle all extensions
    
    
    I'd like to make my httphandler customize the processing of all
requests
    within a folder. The only way I found was to make the folder an
application
    in IIS and to let the aspnet_isapi.dll handle the * extension.
(Removing all
    other isapi extensions)
    
    This makes me lose my session content when redirected from the
application
    above.
    
    Anyone knows if this could be done without losing session
content? It's
    important that all file extensions are handled by my own
httphandler, even
    .aspx, .cs and .htm
    
    
    | [aspnghttphandlers] member Click here to reveal e-mail address = YOUR ID
    | http://www.asplists.com/asplists/aspnghttphandlers.asp JOIN/QUIT
    | http://www.asplists.com/search = SEARCH Archives
    | [aspnghttphandlers] member Click here to reveal e-mail address = YOUR ID
    | http://www.asplists.com/asplists/aspnghttphandlers.asp JOIN/QUIT
    | http://www.asplists.com/search = SEARCH Archives
    

| [aspnghttphandlers] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Michel Comeau
Hi Frederiksen,

I found this arcticle that gave me the response to what i was looking for.

http://www.programmersresource.com/articles/authentix2.asp

They explain that with StatusCode 401 you need to sent a WWW-AUTHENTICATE
header containing information on how you want to authenticate. For Basic
authentication its like "BASIC Realm=\"any string\"". Then the client asks
for the username/password and will reply with a header like "Authorize:
Basic G895af0934==" where the last part is base 64 encoded.

I just wished it was better explained on MSDN, i couldnt find a single place
where its explained, but then again, maybe i just don't look for the right
keywords.

regards,
Michel C.
*c# programmer.
*webmaster
*.NET lover
-----Original Message-----
From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
Sent: Thursday, October 18, 2001 8:15 PM
To: aspnghttphandlers
Subject: [aspnghttphandlers] RE: How to handle all extensions

Hi Michel,

In my application, I'm using a standard input form with username/password
fields and storing these values in session after authentication with values
in my SQL database.

I looked into MSDN to find what the AuthenticateRequest event you
mentioned really is. What I found was that a AuthenticationManager should
call Authenticate on all registered Authetication modules when authorizing.
Seems to me you can create your own class, inherit IAuthenticationModule and
register it in the web.config file as a HttpModule. As I understood, you
could then write your own code to handle the Authenticate and the
PreAuthenticate events.

On the other hand, according to this article:
http://support.microsoft.com/support/kb/articles/Q307/9/96.ASP, you could
also create a class inherited from IHttpModule and subscribe the
AuthenticateRequest event of the HttpApplication class. The code needed is
supplied in the article, but for the BeginRequest event. However, I never
found where to get the password from, and I'm not quiet sure I understood
how you'd like your users to enter the credientials. It's real simple to
show the built-in username/password box in IE by setting the
Response.StatusCode to 401, but I could not get my hands on the password on
the server afterwards.

I'm sorry to give up at this point, and to not be any more help to you. If
you find the solution for this problem, I'd be more than glad to hear about
it.

Best regards,

Roar Fredriksen

From: Michel Comeau (18. okt. 2001 22:55)
To: aspnghttphandlers
Subject: [aspnghttphandlers] RE: How to handle all extensions

Ok, i'm all confused here,

I read the thread you suggested and its very good, but the part that
amazes me is the authentication part.

I figured i should make a HttpModule and handle AuthenticateRequest and do
my validation at that level, but i'm not sure how to handle the way i will
prevent the page from displaying, send a prompt request to the
username/password then, validate both of these (using an MsAccess or SQL
server database). I can manage with the code to lookup the name in the
database and such. But i'm not yet sure where i'll put it :)

Has anyone done that ?

I'm basicly trying to have things handled somewhat like Authentix does,
but this is only for our own site. The goal here is to simply centrally
authenticate access to any file (mostly .htm, .aspx, ascx, .zip, .gif and
.jpg) under the members section of the site.

If you need more details i can provide them, but i think this should be a
good start.
Michel C.
*c# programmer.
*webmaster
*.NET lover

-----Original Message-----
From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
Sent: Wednesday, October 17, 2001 6:03 PM
To: aspnghttphandlers
Subject: [aspnghttphandlers] RE: How to handle all extensions

Not to familiar with such codes, but I think setting the
Response.StatusCode would do it. (401 should promt user for authntication,
403 should respond Unauthorized)

Regarding my problem described below, this was discussed on usenet and
the solution can be seen here:
http://www.developersdex.com/asp/message.asp?p=1116&r=1097084

(The discussion spans several pages, but the last input describes both
the core problem and the solution)

Regards,
Roar

From: Michel Comeau (17. okt. 2001 23:22)
To: aspnghttphandlers
Subject: [aspnghttphandlers] RE: How to handle all extensions

This is also something that i am looking for,

Except that i dont know how to return the "Require Login" or
"Authentication
Failed" from the HttpModule.

Anyone have an example to show me ? I understand very easily so all i
need
is a hint or a very simple example.

Thank You !
Michel C.
*c# programmer.
*webmaster
*.NET lover

-----Original Message-----
From: Fredriksen, Roar [mailto:Click here to reveal e-mail address]
Sent: Wednesday, October 10, 2001 10:43 PM
To: aspnghttphandlers
Subject: [aspnghttphandlers] How to handle all extensions

I'd like to make my httphandler customize the processing of all requests
within a folder. The only way I found was to make the folder an
application
in IIS and to let the aspnet_isapi.dll handle the * extension. (Removing
all
other isapi extensions)

This makes me lose my session content when redirected from the
application
above.

Anyone knows if this could be done without losing session content? It's
important that all file extensions are handled by my own httphandler,
even
.aspx, .cs and .htm

| [aspnghttphandlers] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
| [aspnghttphandlers] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspnghttphandlers] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspnghttphandlers] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspnghttphandlers.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
 
System.Net.AuthenticationManager
System.Net.IAuthenticationModule
System.Web.HttpApplication
System.Web.IHttpModule




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification