Friday, October 05, 2012

Generic Request Authentication

Continuing from my last post on "Mixed mode authentication", which had the drawback of checking in every .NET page whether the request is authenticated, this post presents a solution.

To check whether a request is valid, we perform the validation in every code-behind file (i.e. if the request is not authenticated, redirect to the login or autologin page; if it is, process the request). Imagine doing this in an existing application: changing every code-behind file to verify the request is not only tiresome but also repetitive.

This is where the .NET request pipeline, specifically HttpHandlers, comes to the rescue. The idea is to create a custom HttpHandler that validates every page request, hook it into the .NET application, and provide the login/autologin URL in web.config; that's it. No code change is required anywhere else to validate the request. The handler checks whether the request is authenticated: if yes, it returns the requested page handler; otherwise, it returns the autologin handler. Drop me a mail if you are interested in the code.
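One way to build such a gate, added here as an illustration and not the author's own code: an `IHttpHandlerFactory` mapped to `*.aspx` that returns either the requested page or the autologin page. The names `Demo.AuthGateFactory`, `AuthGate` and the `AutoLoginUrl` appSettings key are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Web;
using System.Web.UI;

// web.config registration (integrated pipeline; all names are hypothetical):
//   <system.webServer><handlers>
//     <add name="AuthGate" verb="*" path="*.aspx"
//          type="Demo.AuthGateFactory, Demo" />
//   </handlers></system.webServer>
//   <appSettings><add key="AutoLoginUrl" value="~/AutoLogin.aspx" /></appSettings>
namespace Demo
{
    public class AuthGateFactory : IHttpHandlerFactory
    {
        public IHttpHandler GetHandler(HttpContext context, string requestType,
                                       string url, string pathTranslated)
        {
            string loginUrl = ConfigurationManager.AppSettings["AutoLoginUrl"];
            if (string.IsNullOrEmpty(loginUrl))
            {
                // Fail closed: without a configured login page, serve nothing.
                throw new ConfigurationErrorsException("AutoLoginUrl is not configured.");
            }

            string loginPath = VirtualPathUtility.ToAbsolute(loginUrl);

            // FilePath excludes any trailing PathInfo, so /AutoLogin.aspx/x
            // is still recognised as the login page and cannot loop.
            bool isLoginPage = string.Equals(context.Request.FilePath, loginPath,
                                             StringComparison.OrdinalIgnoreCase);

            if (context.Request.IsAuthenticated || isLoginPage)
            {
                // Authenticated (or asking for the login page): requested page.
                return PageParser.GetCompiledPageInstance(url, pathTranslated, context);
            }

            // Unauthenticated: serve the autologin page in place of the request.
            return PageParser.GetCompiledPageInstance(
                loginPath, context.Server.MapPath(loginPath), context);
        }

        public void ReleaseHandler(IHttpHandler handler) { }
    }
}
```

A factory mapped to `*.aspx` guards only `.aspx` requests; static files and other handler types (`.ashx`, `.asmx`) bypass it unless they are mapped or protected separately.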
