ASP.NET 2.0

From Cosign Wiki

Jump to: navigation, search

I recently found myself tasked with integrating Cosign with a new ASP.NET 2.0 web application. I had a hard time finding the information I needed when I first began researching how to best implement this, so I am putting this together in hopes of saving someone else from having to comb through the online library of MSDN articles related to ASP.NET 2.0 authentication and authorization.

Integrating Cosign SSO with your ASP.NET 2.0 web application is made easy by Microsoft through the use of the OnAuthenticate event in your URL’s global.asax file. Doing so provides a means for establishing a custom Principal object using the user’s Cosign-authenticated uniqname.

The following steps through how to implement this custom type of authentication:

1) Implement the standard IIS Cosign filter for your ASP.NET 2.0 web site.

2) Set your application authentication to none in your web.config file: 

<authentication mode="None">
        </authentication>

3) Add the following to your application’s global.asax file: 

 
public void DefaultAuthentication_OnAuthenticate(object sender, DefaultAuthenticationEventArgs args)
{
string[] uniqname = args.Context.Request.ServerVariables.GetValues("HTTP_REMOTE_USER");
args.Context.User = new System.Security.Principal.GenericPrincipal(
new System.Security.Principal.GenericIdentity("uniqname[0]"),
                              new String[0]);
}

4) Your application can now take advantage of the remaining delivered HTTP Request pipeline processing and security models, e.g. role management & related providers, URL authorizations, etc. For more information, check out these online articles from MSDN:

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Designing Application-Managed Authorization


Originally submitted by: Michael Lawson

Retrieved from "http://webapps.itcs.umich.edu/cosign/index.php/ASP.NET_2.0"
Personal tools