Asp – Can a Classic ASP application be secured using HTTPModules

asp-classicasp.nethttpmoduleisapisingle-sign-on

I have a classic ASP application currently secured using ASP.NET Forms Authentication running on IIS 6, the problem is our purposes require this application implement a Single-Signon security model using Entrust TruePass which uses Client Certificates I believe. Can this be implemented using ASP.NET Http Modules or do I have to write an ISAPI filter? Are there other options available?

Best Answer

In order to fire the HttpModule you have to have IIS send the request to aspnet_isapi.dll and then the regular asp.dll. In most cases if there is an endpoint in .net it won't pass the request back to IIS but in IIS6 you can define a handler for wildcards see this article on securing non .net stuff using forms authentication https://web.archive.org/web/20111127051259/http://www.15seconds.com/issue/070104.htm

So what you would do is create your module, register in web.config and use it to do the authntication, and as long as the end point doesn't match anything .net will handle then it should let it go back to IIS to go to asp.dll

[Link above is via Internet Archive Nov 2011. Article was previously at http://www.15seconds.com/issue/070104.htm ]

Best Answer

Related Solutions

Asp – Classic .ASP and .NET .aspx web pages in one ASP.NET Web app

Asp – Classic ASP & ASP.Net Authentication

Related Topic