Sample on Authentication Modules and Integrated Pipeline

I figure some of you may want to checkout some simple features of IIS 7 using the Modules feature and the Integrated Pipeline.The following steps is a brief version of an article I tested on our system from IIS.net website. You willsee samples onadd/removeexisting modules andtake advantage ofthe integrated pipeline features of IIS 7. Integrated Pipeline allows .Net and API to execute with same routine capabilities as server components written in C++ extensibgility API.


First of, our beta currently does not offer a SQL server as part of the beta program. So we'll use an XML-based Membership provider.


Setup your Membership Provider and webpages for testing:
1. Download files and place XmlMembershipProvider.cs in your App_Code subdirectory.
2. Place the downloaded default.aspx, login.aspx, and default.htm on the root of your IIS 7 beta directory.
3. Place the downloaded MembershipUsers.xml to App_Data directory OR copy the following and create a file in the App_Data directory called MembershipUsers.xml

<Users>
<User>
<UserName>Dasp</UserName>
<Password>test!</Password>
<Email>[email protected]</Email>
</User>
<User>
<UserName>Dasp2</UserName>
<Password>test!</Password>
<Email>[email protected]</Email>
</User>
</Users>

4. Add this into your root web.config file between the <system.web> tags like below.

<system.web>
<membership defaultProvider="AspNetReadOnlyXmlMembershipProvider">
<providers>
<add name="AspNetReadOnlyXmlMembershipProvider" type="AspNetReadOnlyXmlMembershipProvider" description="Read-only XML membership provider" xmlFileName="~/App_Data/MembershipUsers.xml" />
</providers>
</membership>

<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<authentication mode="Forms" />
</system.web>


Test your Webpages:
1. Pull your website up http://beta-xxxxxx.beta1.iis7betahosting.net/default.htm
You should be able to access this page without any authentication just like all IIS prior to version 7 Since HTM files are not handled by ASP.NET (Unless you mapped it).

2. Pull your website up http://beta-xxxxxx.beta1.iis7betahosting.net/default.aspx
You should be NOT be able to access this page without authentication just like all IIS prior to version 7. You are prompted for login. You can
use the login info from the MembershipUsers.xml file you downloaded.



Remove/Add modules to use Integrated Pipeline:
1. Add this into your root web.config file between the <system.webserver> tags like below. The modules comes with a precondition (backward compatibility) to apply to content that is handled by the managed handler. This will remove the current authentication modules and add them back in with the with the preconditions removed.

<modules>
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>


Test your webpages Again:
1. Pull your website up http://beta-xxxxxx.beta1.iis7betahosting.net/default.aspx
Like before you are prompted for authentication because you are not authenticated.

2. Pull your website up http://beta-xxxxxx.beta1.iis7betahosting.net/default.htm
Your static default.htm page will now be processed also and is prompted for authentication because of Integrated Pipeline feature. You can't do this prior to IIS 7. You used to map extensions at the handler application level to achieve this or server level programmings.







Chow
DiscountASP.NET
<SUB><SUP>http://DiscountASP.NET




Post Edited (Chow [DASP]) : 3/28/2007 5:58:21 PM GMT

 

Oops! forgot the file attachment, its on the original post now.



Chow
DiscountASP.NET
<SUB><SUP>http://DiscountASP.NET