发表新帖
发表新帖

How to implement basic HTTP authentication with the VS debug server?

前端 未结
关注
2 1231
野趣味
野趣味 2021-01-14 14:22

I\'m making a test rig for an ActiveX HTTP control, and I need to create a web site to securely POST to. To keep things simple, I\'m running the web app with the VS debug se

2条回答
  • 无人共我
    无人共我 (楼主)
    2021-01-14 14:53

    You could implement your own basic HTTP authentication using ASP.NET. It doesn't seem like a very complicated spec, but see RFC1945 for all the details.

    If I had to do it I'd start off with an HttpModule that runs on every request and checks the HTTP header HTTP_AUTHORIZATION. If it's the header for basic authentication, then you can decode username and password. If the header is missing or the username and password are incorrect, then you send back an HTTP 401 response and add the WWW-Authenticate header.

    Something like this (not tested, but you get the idea):

    public class BasicAuthenticationModule: IHttpModule
{
  public void Init(HttpApplication application)
  {
    application.AuthenticateRequest += new EventHandler(Do_Authentication);
  }

  private void Do_Authentication(object sender, EventArgs e)
  {
    var request = HttpContext.Current.Request;
    string header = request.Headers["HTTP_AUTHORIZATION"];
    if(header != null && header.StartsWith("Basic "))
    {
      // Header is good, let's check username and password
      string username = DecodeFromHeader(header, "username");
      string password = DecodeFromHeader(header, password);

      if(Validate(username, password) 
      {
        // Create a custom IPrincipal object to carry the user's identity
        HttpContext.Current.User = new BasicPrincipal(username);
      }
      else
      {
        Protect();
      }
    }
    else
    {
      Protect();
    }
  }

  private void Protect()
  {
    response.StatusCode = 401;
    response.Headers.Add("WWW-Authenticate", "Basic realm=\"Test\"");
    response.Write("You must authenticate");
    response.End();
  }

  private void DecodeFromHeader()
  {
    // Figure this out based on spec
    // It's basically base 64 decode and split on the :
    throw new NotImplementedException();
  }

  private bool Validate(string username, string password)
  {
    return (username == "foo" && pasword == "bar");
  }

  public void Dispose() {}

  public class BasicPrincipal : IPrincipal
  {
    // Implement simple class to hold the user's identity
  }
}

    0 讨论(0)
 看不清?
提交回复
热议问题