by Dominic Zukiewicz
7. June 2010 14:23
One of our clients use a 3rd party authentication tool called AuthentiX, which allows directory level authorisation and the use of multiple data sources to be used for IIS. Although ASP.NET has Forms Authentication, AuthentiX has been in use by the client for over 10 years and so co-existence with ASP was required to allow the retrieval of the username.
Its usage is quite simple. If the code is executing on your page, they have been authenticated (or have they?) and given access to it. A code snippet of this COM component looks like this:
protected void Page_Load(object sender, EventArgs e)
{
string localAddress = Request.ServerVariables["LOCAL_ADDR"];
string scriptName = Request.ServerVariables["SCRIPT_NAME"];
string httpAuth = Request.ServerVariables["HTTP_AUTHORIZATION"];
AUTHXOCXLib.AuthXOCXClass authClass = new AUTHXOCXLib.AuthXOCXClass();
string currentUserName = authClass.CurrentUserName(localAddress, scriptName, httpAuth);
System.Web.UI.WebControls.Label text = new System.Web.UI.WebControls.Label();
if (currentUserName.Length == 0)
{
text.Text = "No username found.";
}
else
{
text.Text = "Username = " + currentUserName;
}
Page.Controls.Add(text);
}
For some odd reason, there were instances where the user_id wasn’t being returned from the COM component. Note that this component can validate the user from a variety of data sources, so I just forced the database to timeout, to see if it was just a case of a timeout.
After some testing, we found that this can happen when the COM component cannot access the data source to verify the user, and so returns “” , which is obviously a problem as the code is running, yet the user hasn’t been verified. We are under the assumption that the user who enters has access, AND has been authenticated. A blank user_id is a big no no.
If you use a combination of Anonymous Access and Integrated Windows Authentication, the control can return a blank username (due to mis-configuration). It took some time to find, but an article on their FAQ describes this problem
The solution is to turn off Integrated Windows Authentication for those directories using the AuthentiX component and the problem should go away. Alternatively, this only sorts out some of the problems, but does not sort out the DB timeout problem.
Subscribe