Can you secure a classic ASP application using HTTPModules?

Time: 2022-08-29 01:55:13

I have a classic ASP application currently secured using ASP.NET Forms Authentication running on IIS 6. The problem is that our purposes require this application to implement a Single Sign-On security model using Entrust TruePass, which uses Client Certificates, I believe. Can this be implemented using ASP.NET Http Modules or do I have to write an ISAPI filter? Are there other options available?

2 solutions

#1


In order to fire the HttpModule you have to have IIS send the request to aspnet_isapi.dll and then the regular asp.dll. In most cases, if there is an endpoint in .NET it won't pass the request back to IIS, but in IIS6 you can define a handler for wildcards. See this article on securing non-.NET stuff using forms authentication: https://web.archive.org/web/20111127051259/http://www.15seconds.com/issue/070104.htm

So what you would do is create your module, register it in web.config and use it to do the authentication, and as long as the endpoint doesn't match anything .NET will handle, then it should let it go back to IIS to go to asp.dll.

[Link above is via Internet Archive Nov 2011. Article was previously at http://www.15seconds.com/issue/070104.htm ]
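
As an added illustration of the approach in answer #1 (not code from the original answers or from Entrust): a C# `IHttpModule` that rejects any request lacking a valid client certificate before it can fall through to asp.dll. The class name `ClientCertGateModule` and the acceptance checks are assumptions; the page does not say what TruePass itself requires beyond client certificates.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical module. Register it in web.config under <system.web><httpModules>:
//   <add name="ClientCertGate" type="ClientCertGateModule" />
// (append ", AssemblyName" to the type if it is compiled into a DLL).
// It only sees .asp requests when IIS 6 has a wildcard application mapping
// to aspnet_isapi.dll, as the answer describes.
public class ClientCertGateModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpClientCertificate cert = app.Context.Request.ClientCertificate;

        if (!IsAcceptable(cert, DateTime.Now))
        {
            // Fail closed: end the request here so it is never handed on
            // to a handler or back to IIS for asp.dll.
            app.Context.Response.StatusCode = 403;
            app.CompleteRequest();
            return;
        }

        // Expose the certificate subject as the identity for later ASP.NET
        // pipeline stages (authorization modules, logging).
        app.Context.User = new GenericPrincipal(
            new GenericIdentity(cert.Subject, "ClientCertificate"), new string[0]);
    }

    // Generic X.509 checks only; any TruePass-specific policy is not shown.
    private static bool IsAcceptable(HttpClientCertificate cert, DateTime now)
    {
        return cert != null
            && cert.IsPresent                 // browser actually sent a certificate
            && cert.IsValid                   // IIS accepted its chain
            && now >= cert.ValidFrom
            && now <= cert.ValidUntil
            && !string.IsNullOrEmpty(cert.Subject);
    }

    public void Dispose() { }
}
```

IIS must be set to accept or require client certificates on the site's SSL settings, otherwise `IsPresent` is always false and every request is refused.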


#2


First off let me state that I don't know a whole lot about HTTPModules, but I would think you could write your own implementation of IHttpModule to handle the TruePass. See this link for more information: MSDN HttpModules.

From my experience, the biggest hassle of going back and forth between classic ASP and .NET is dealing with Session information. Something stored in a classic ASP session variable can't be read by .NET and vice versa. But since your FormsAuthentication is most likely using cookies, you have a means of going back and forth now.

I'm not sure about other options. If your business requirements are to keep the classic asp code and to use the TruePass, then I would think you could make it work.

Hope that helps.
