Skip to content

Latest commit

 

History

History
78 lines (70 loc) · 2.1 KB

README.md

File metadata and controls

78 lines (70 loc) · 2.1 KB

Verify FormsAuthentication cookie on request using a custom attribute

ASP.NET Core inspired request authentication, using a custom attribute & FormsAuthentication in legacy ASP.NET Website Projects! Supports WebMethods, Page Classes, MasterPage Classes & WebService Classes

Setup:

Prerequisite

IIS needs to be running in integrated mode. Classic mode is not supported due to the nature of the classic IIS pipeline

Web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.webServer>
        <!--RequireAuthentication Module-->
        <modules>
            <add name="AttributeBasedFormsAuthenticationModule" type="AttributeBasedFormsAuthenticationModule" preCondition="integratedMode" />
        </modules>
    </system.webServer>
</configuration>

Global.asax:

VB syntax

<%@ Application Language="VB" %>

<script RunAt="server">
    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
        Me.UseAuthentication()
    End Sub
</script>

C# syntax

<%@ Application Language="C#" %>

<script RunAt="server">
    void Application_Start(object sender, EventArgs e)
    {
        this.UseAuthentication();
    }
</script>

Supported Use:

WebService Classes:

[RequiresAuthentication]
[System.Web.Script.Services.ScriptService()]
[WebService(Namespace = "http://localhost:8080/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[global::Microsoft.VisualBasic.CompilerServices.DesignerGenerated()]
public class AspAjaxWebService : System.Web.Services.WebService

HttpHandler Classes:

[RequiresAuthentication]
public class dropzone_FileUpload : IHttpHandler, System.Web.SessionState.IRequiresSessionState

Page Classes:

[RequiresAuthentication]
public partial class WebFormsPage : System.Web.UI.Page

MasterPage Classes:

[RequiresAuthentication]
public partial class WebFormsMasterPage : System.Web.UI.MasterPage

WebMethods inside Page Classes & WebMethods inside WebService Classes:

[RequiresAuthentication]
[WebMethod]
public string AjaxMethod() {