Last post Apr 24, 2016 03:54 AM by rstrahl
Oct 15, 2015 01:07 AM|maxsmith|LINK
I am a total novice at HttpModules, so please forgive my ignorance. I have a web service that uses a custom authentication module. This works fine:
Dim authHeader As String = app.Request.Headers("Authorization")
If Not String.IsNullOrEmpty(authHeader) Then
Dim authStr As String = app.Request.Headers("Authorization")
If authStr Is Nothing OrElse authStr.Length = 0 Then
' No credentials; anonymous request
authStr = authStr.Trim()
If authStr.IndexOf("Basic", 0) <> 0 Then
' header is not correct...we'll pass it along and
' assume someone else will handle it
authStr = authStr.Trim()...
However, when I access a jpg image, it doesn't have headers so it doesn't make it past this module. Is there anyway for me to add headers to every image request? If so, I have no clue on how to do it.
Or since they have already authenticated once (before pictures are loaded), is there a better way to persist that authentication to when they access an image? Since Session is not available till after OnAuthenticateRequest, how can I know they already logged
Apr 24, 2016 03:54 AM|rstrahl|LINK
Once you authenticate with Basic Authentication the Authentication header will be sent with every subsequent request in the same browser session. The browser caches the auth info and resends it with each request. So if you are using a browser, any subsequent
request AFTER authentication from the same browser instance should have the auth header included with it. If you're using standalone HTTP requests from a non-browser client, then you have to explicitly send the auth header with each request.
You also need to make sure that images pass through the ASP.NET request pipeline by using the runAllManagedModulesForAllRequests attribute
on the <modules> element in your web.config to force all requests - including static files like images - to go through the IIS request pipepeline. Without this in place images will bypass your module.
+++ Rick ---