如何实现与VS调试服务器的基本HTTP验证？ [英] How to implement basic HTTP authentication with the VS debug server?

问题描述

我做了一个ActiveX控件HTTP测试装备，我需要建立一个网站，以安全POST到。为了简单起见，我正在与VS调试服务器的Web应用程序; Web应用程序项目与测试应用解决方案的一部分。 NTLM身份验证不被AX控制支持。有没有需要非常基本的HTTP认证，而不NTLM或重定向到一个页面的表单没有简单的方法？我只需要它要求在POST过程中用户名和密码。用户名和密码的内容没有关系，所以一切都将被存储为明文。

I'm making a test rig for an ActiveX HTTP control, and I need to create a web site to securely POST to. To keep things simple, I'm running the web app with the VS debug server; the web app project is part of the solution with the test application. NTLM authentication is not supported by the AX control. Is there any easy way to require very basic http authentication without NTLM or redirecting to a page form? I just need it to require a username and password during the post. Username and password content doesn't matter, so everything will be stored as plaintext.

我试着在web.config中的身份验证模式;出现Windows相同的NTLM（可能是错误的存在），表单要求的形式进行连接，并通过设置cookie，护照超出了本项目的范围，我不知道我怎么会实现无。任何想法？

I've tried the authentication mode in the Web.Config; Windows appears identical to NTLM (could be wrong there), Forms requires a form to connect and set a cookie through, Passport is beyond the scope of this project, and I don't know how I'd implement None. Any ideas?

我试过身份验证模式=窗口在web.config，并检查在Web应用程序的NTLM的复选框，网络选项卡。

I tried "authentication mode="Windows"" in the Web.Config, and checked the NTLM checkbox in the web app's "Web" tab.

推荐答案

您使用ASP.NET可以实现自己的基本HTTP验证。它似乎并不像一个非常复杂的规范，但看到的的所有细节RFC1945 。

You could implement your own basic HTTP authentication using ASP.NET. It doesn't seem like a very complicated spec, but see RFC1945 for all the details.

如果我不得不这样做我会开始与的HttpModule 即在每次请求运行，检查HTTP头文件 HTTP_AUTHORIZATION 。如果它是基本认证头，那么你可以去code用户名和密码。如果头缺失或用户名和密码是不正确的，那么你就发回一个HTTP 401响应，并添加 WWW验证头。

If I had to do it I'd start off with an HttpModule that runs on every request and checks the HTTP header HTTP_AUTHORIZATION. If it's the header for basic authentication, then you can decode username and password. If the header is missing or the username and password are incorrect, then you send back an HTTP 401 response and add the WWW-Authenticate header.

像这样（没有测试，但你的想法）：

Something like this (not tested, but you get the idea):

public class BasicAuthenticationModule: IHttpModule
{
  public void Init(HttpApplication application)
  {
    application.AuthenticateRequest += new EventHandler(Do_Authentication);
  }

  private void Do_Authentication(object sender, EventArgs e)
  {
    var request = HttpContext.Current.Request;
    string header = request.Headers["HTTP_AUTHORIZATION"];
    if(header != null && header.StartsWith("Basic "))
    {
      // Header is good, let's check username and password
      string username = DecodeFromHeader(header, "username");
      string password = DecodeFromHeader(header, password);

      if(Validate(username, password) 
      {
        // Create a custom IPrincipal object to carry the user's identity
        HttpContext.Current.User = new BasicPrincipal(username);
      }
      else
      {
        Protect();
      }
    }
    else
    {
      Protect();
    }
  }

  private void Protect()
  {
    response.StatusCode = 401;
    response.Headers.Add("WWW-Authenticate", "Basic realm=\"Test\"");
    response.Write("You must authenticate");
    response.End();
  }

  private void DecodeFromHeader()
  {
    // Figure this out based on spec
    // It's basically base 64 decode and split on the :
    throw new NotImplementedException();
  }

  private bool Validate(string username, string password)
  {
    return (username == "foo" && pasword == "bar");
  }

  public void Dispose() {}

  public class BasicPrincipal : IPrincipal
  {
    // Implement simple class to hold the user's identity
  }
}

这篇关于如何实现与VS调试服务器的基本HTTP验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！