You are here:
XHTTP Authenticator.NET: Examples of Use
The following examples will show you how to use XHTTP Authenticator.NET and configure your settings accordingly.
- Example 1: Basic Authentication with passwords stored as clear text
- Example 2: Basic Authentication with passwords stored as encrypted values
- Example 3: Configuring Digest Authentication
- Example 4: Implementing your own Authentication Login Logic
- For more examples please download the demo website
Example 1: Basic Authentication with passwords stored as clear text
In this example, the authentication mode is set to Basic
and passwords are stored in clear text; passwordFormat attribute is set to Clear in the <credentials> element.
1 <?xml version="1.0" encoding="utf-8" ?> 2 <configuration> 3 4 <configSections> 5 <section name="XHTTPAuthenticator" 6 type="Visionalyse.Web.Configuration.AuthenticationConfigHandler, Visionalyse.XHTTPAuthenticator" /> 7 </configSections> 8 9 <system.web> 10 11 <httpModules> 12 <add type="Visionalyse.Web.Security.BasicAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPBasic" /> 13 <add type="Visionalyse.Web.Security.DigestAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPDigest" /> 14 </httpModules> 15 16 </system.web> 17 18 <XHTTPAuthenticator mode="Basic" realm="AuthDemo" redirectDenyUrl="~/Denied.aspx" cookieName=".XHTTPAUTH" timeout="30"> 19 <credentials passwordFormat="Clear"> 20 <user name="User1" password="pass1" roles="Administrator" /> 21 <user name="User2" password="pass2" roles="User" /> 22 </credentials> 23 </XHTTPAuthenticator> 24 25 </configuration>
Example 2: Basic Authentication with passwords stored as encrypted values
In this example, the authentication mode is set to Basic and passwords are encrypted and then stored in the web.config; passwordFormat attribute is set to Encrypted in the <credentials> element.
This represents the safest option for storing and hiding your user credentials from prying eyes.
The passwords are encrypted using a public method provided within the XHTTP Authenticator.NET component, encryption is done using MD5 Crypto Service.
1 <?xml version="1.0" encoding="utf-8" ?> 2 <configuration> 3 4 <configSections> 5 <section name="XHTTPAuthenticator" 6 type="Visionalyse.Web.Configuration.AuthenticationConfigHandler, Visionalyse.XHTTPAuthenticator" /> 7 </configSections> 8 9 <system.web> 10 11 <httpModules> 12 <add type="Visionalyse.Web.Security.BasicAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPBasic" /> 13 <add type="Visionalyse.Web.Security.DigestAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPDigest" /> 14 </httpModules> 15 16 </system.web> 17 18 <XHTTPAuthenticator mode="Basic" realm="AuthDemo" redirectDenyUrl="~/Denied.aspx" cookieName=".XHTTPAUTH" timeout="30"> 19 <credentials passwordFormat="Encrypted"> 20 <user name="User1" password="993a950dac2a1a001aa52081ce3a954b" roles="Administrator" /> 21 <user name="User2" password="df6013d00d80e6a22feb1e29a06f8ade" roles="User" /> 22 </credentials> 23 </XHTTPAuthenticator> 24 25 </configuration>
Example 3: Configuring Digest Authentication
To switch from Basic to Digest mode, you only have to modify the value of the attribute mode to Digest in the <XHTTPAuthenticator> element.
1 <?xml version="1.0" encoding="utf-8" ?> 2 <configuration> 3 4 <configSections> 5 <section name="XHTTPAuthenticator" 6 type="Visionalyse.Web.Configuration.AuthenticationConfigHandler, Visionalyse.XHTTPAuthenticator" /> 7 </configSections> 8 9 <system.web> 10 11 <httpModules> 12 <add type="Visionalyse.Web.Security.BasicAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPBasic" /> 13 <add type="Visionalyse.Web.Security.DigestAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPDigest" /> 14 </httpModules> 15 16 </system.web> 17 18 <XHTTPAuthenticator mode="Digest" realm="AuthDemo" redirectDenyUrl="~/Denied.aspx" cookieName=".XHTTPAUTH" timeout="30"> 19 <credentials passwordFormat="Clear"> 20 <user name="User1" password="pass1" roles="Administrator" /> 21 <user name="User2" password="pass2" roles="User" /> 22 </credentials> 23 </XHTTPAuthenticator> 24 25 </configuration> 26
Example 4: Implementing your own Authentication Login Logic
To implement your own authentication login logic, create a new class by inheriting from one of the two built-in modules Visionalyse.Web.Security.BasicAuthenticationModule and Visionalyse.Web.Security.DigestAuthenticationModule.
1 Namespace AppCode.HttpModules 2 3 Public Class MyBasicAuthModule 4 Inherits Visionalyse.Web.Security.BasicAuthenticationModule 5 6 Protected Overrides Function ValidateLogin(ByVal username As String, ByVal password As String) As Boolean 7 8 'Add your validation logic for basic authentication 9 10 Return MyBase.ValidateLogin(username, password) 11 12 End Function 13 14 Protected Overrides Function CreatePrincipal(ByVal username As String, ByVal roles As String()) As System.Security.Principal.IPrincipal 15 16 'Add your logic to create the IPrincipal of a user 17 18 Return MyBase.CreatePrincipal(username, roles) 19 20 End Function 21 22 23 Protected Overrides Function GetUserRoles(ByVal username As String) As String() 24 25 'Add your logic for returning the assigned roles of a user 26 27 Return MyBase.GetUserRoles(username) 28 29 End Function 30 31 Private Sub Authentication_LoginAttempt(ByVal e As LoginAttemptEventArgs) Handles MyBase.LoginAttempt 32 33 'Add your logic here to write event log for every login attempt 34 35 End Sub 36 37 End Class 38 39 End Namespace
Next, add the following entry in the HttpModules section of your web.config.
1 <?xml version="1.0" encoding="utf-8" ?> 2 <configuration> 3 4 <configSections> 5 <section name="XHTTPAuthenticator" 6 type="Visionalyse.Web.Configuration.AuthenticationConfigHandler, Visionalyse.XHTTPAuthenticator" /> 7 </configSections> 8 9 <system.web> 10 11 <httpModules> 12 <add type="AppCode.HttpModules.MyBasicAuthModule" name="XHTTPBasic"/> 13 </httpModules> 14 15 </system.web> 16 17 <XHTTPAuthenticator mode="Basic" realm="XHTTPAuthenticatorDemo" redirectDenyUrl="~/Denied.aspx" cookieName=".XHTTPAUTH" timeout="30"> 18 <credentials passwordFormat="Clear" /> 19 </XHTTPAuthenticator> 20 21 </configuration> 22