Thanks to visit codestin.com
Credit goes to github.com

Skip to content

joaf123/ASP.NET-WebForms-Authentication

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.github/ISSUE_TEMPLATE
.github/ISSUE_TEMPLATE
 
 
AuthorizationHttpModule.cs
AuthorizationHttpModule.cs
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Web.config
Web.config
 
 

Repository files navigation

Verify FormsAuthentication cookie on request using a custom attribute

ASP.NET HttpModule for verification of FormsAuthentication on requests, using custom attributes. Supports WebMethods, Page Classes, MasterPage Classes & WebService Classes

Setup:

Prerequisite

IIS needs to be running in integrated mode. Classic mode is not supported due to the nature of the classic IIS pipeline

Web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.webServer>
        <!--RequireAuthentication Module-->
        <modules>
            <add name="AttributeBasedFormsAuthenticationModule" type="AttributeBasedFormsAuthenticationModule" preCondition="integratedMode" />
        </modules>
    </system.webServer>
</configuration>

Global.asax:

<%@ Application Language="VB" %>

<script RunAt="server">
    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
        Me.UseAuthentication()
    End Sub
</script>

DO NOT FORGET BEFORE USING:

  • Make sure your FormsAuthentication cookie is set correctly
  • Verify/change the assembly metadata for System.Web.Extensions which is used to get the Type definition for RestHandlerWithSession:
Type _RestHandlerWithSessionType = Type.GetType("System.Web.Script.Services.RestHandlerWithSession, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35");

// the "Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" part must match YOUR spesific scenario

Supported Use Cases:

Decorated on spesific PageMethod's or Ajax WebMethod's:

[RequiresAuthentication]
[WebMethod]
public string AjaxMethod() {

or

Decorated on the main WebService Class:

[RequiresAuthentication]
[System.Web.Script.Services.ScriptService()]
[WebService(Namespace = "http://localhost:8080/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[global::Microsoft.VisualBasic.CompilerServices.DesignerGenerated()]
public class AspAjaxWebService : System.Web.Services.WebService

Decorated on a Page Class:

[RequiresAuthentication]
public partial class WebFormsPage : System.Web.UI.Page

or

Decorated on a MasterPage Class:

[RequiresAuthentication]
public partial class WebFormsMasterPage : System.Web.UI.MasterPage

About

ASP.NET Core inspired request authentication, using a custom attribute & FormsAuthentication in legacy ASP.NET Website Projects

Topics

auth authorization-middleware httpmodules asp-net-webform asp-net-web-forms forms-authentication httpmodule custom-authorize-asp-net formsauthentication http-module custom-authentication authorization-asp-net-framework asp-auth

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v2.0.0 Release Latest
Jan 26, 2024
+ 2 releases

Languages