You are here:
XHTTP Authenticator.NET: Examples of Use
The following examples will show you how to use XHTTP Authenticator.NET and configure your settings accordingly.
- Example 1: Basic Authentication with passwords stored as clear text
- Example 2: Basic Authentication with passwords stored as encrypted values
- Example 3: Configuring Digest Authentication
Example 1: Basic Authentication with passwords stored as clear text
In this example, the authentication mode is set to Basic
and passwords are stored in clear text; passwordFormat attribute is set to Clear in the <credentials> element.
1 <?xml version="1.0" encoding="utf-8" ?> 2 <configuration> 3 4 <configSections> 5 <section name="XHTTPAuthenticator" 6 type="Visionalyse.Web.Configuration.AuthenticationConfigHandler, Visionalyse.XHTTPAuthenticator" /> 7 </configSections> 8 9 <system.web> 10 11 <httpModules> 12 <add type="Visionalyse.Web.Security.BasicAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPBasic" /> 13 <add type="Visionalyse.Web.Security.DigestAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPDigest" /> 14 </httpModules> 15 16 </system.web> 17 18 <XHTTPAuthenticator mode="Basic" realm="AuthDemo" redirectDenyUrl="~/Denied.aspx" cookieName=".XHTTPAUTH" timeout="30"> 19 <credentials passwordFormat="Clear"> 20 <user name="User1" password="pass1" roles="Administrator" /> 21 <user name="User2" password="pass2" roles="User" /> 22 </credentials> 23 </XHTTPAuthenticator> 24 25 </configuration>
Example 2: Basic Authentication with passwords stored as encrypted values
In this example, the authentication mode is set to Basic and passwords are encrypted and then stored in the web.config; passwordFormat attribute is set to Encrypted in the <credentials> element.
This represents the safest option for storing and hiding your user credentials from prying eyes.
The passwords are encrypted using a public method provided within the XHTTP Authenticator.NET component, encryption is done using MD5 Crypto Service.
1 <?xml version="1.0" encoding="utf-8" ?> 2 <configuration> 3 4 <configSections> 5 <section name="XHTTPAuthenticator" 6 type="Visionalyse.Web.Configuration.AuthenticationConfigHandler, Visionalyse.XHTTPAuthenticator" /> 7 </configSections> 8 9 <system.web> 10 11 <httpModules> 12 <add type="Visionalyse.Web.Security.BasicAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPBasic" /> 13 <add type="Visionalyse.Web.Security.DigestAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPDigest" /> 14 </httpModules> 15 16 </system.web> 17 18 <XHTTPAuthenticator mode="Basic" realm="AuthDemo" redirectDenyUrl="~/Denied.aspx" cookieName=".XHTTPAUTH" timeout="30"> 19 <credentials passwordFormat="Encrypted"> 20 <user name="User1" password="993a950dac2a1a001aa52081ce3a954b" roles="Administrator" /> 21 <user name="User2" password="df6013d00d80e6a22feb1e29a06f8ade" roles="User" /> 22 </credentials> 23 </XHTTPAuthenticator> 24 25 </configuration>
Example 3: Configuring Digest Authentication
To switch from Basic to Digest mode, you only have to modify the value of the attribute mode to Digest in the <XHTTPAuthenticator> element.
1 <?xml version="1.0" encoding="utf-8" ?> 2 <configuration> 3 4 <configSections> 5 <section name="XHTTPAuthenticator" 6 type="Visionalyse.Web.Configuration.AuthenticationConfigHandler, Visionalyse.XHTTPAuthenticator" /> 7 </configSections> 8 9 <system.web> 10 11 <httpModules> 12 <add type="Visionalyse.Web.Security.BasicAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPBasic" /> 13 <add type="Visionalyse.Web.Security.DigestAuthenticationModule, Visionalyse.XHTTPAuthenticator" name="XHTTPDigest" /> 14 </httpModules> 15 16 </system.web> 17 18 <XHTTPAuthenticator mode="Digest" realm="AuthDemo" redirectDenyUrl="~/Denied.aspx" cookieName=".XHTTPAUTH" timeout="30"> 19 <credentials passwordFormat="Clear"> 20 <user name="User1" password="pass1" roles="Administrator" /> 21 <user name="User2" password="pass2" roles="User" /> 22 </credentials> 23 </XHTTPAuthenticator> 24 25 </configuration> 26