Page 2 of 9
Previous Page: Introduction Next Page: IIS Configuration
The IHttpModule interface we need to implement is very simple. Here is the interface, as defined by Microsoft in the .NET Framework. IHttpModule is in the System.Web namespace:
C#
1 interface IHttpModule
2 {
3 // called to attach module to app events
4 void Init(HttpApplication app);
5 // called to clean up
6 void Dispose();
7 }
8
VB.Net
1 Interface IHttpModule
2 ' called to attach module to app events
3 Sub Init(ByVal app As HttpApplication);
4 ' called to clean up
5 Sub Dispose()
6 End Interface
7
To get a basic HTTP Module up and functioning is incredibly trivial. There are really only three steps involved:
1. Create a class that Implements IHttpModule
C#
1 public class SmartCardAuthenticationModule : IHttpModule
2 public void Init(HttpApplication context)
3 {
4 }
5
6 public void Dispose()
7 {
8 }
9 }
10
VB.Net
1 Public Class SmartCardAuthenticationModule
2 Implements System.Web.IHttpModule
3
4 Public Sub Init(ByVal context As System.Web.HttpApplication) _
5 Implements System.Web.IHttpModule.Init
6 End Sub
7
8 Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
9 End Sub
10 End Class
11
2. Next wire up the events to handle in the Init() method of the class – compile it in an assembly that you reference in your web project (or include it in your web project directly).
C#
1 public void Init(HttpApplication context)
2 {
3 context.AuthenticateRequest += new EventHandler(Me.OnAuthenticateRequest);
4 }
5
6 private void OnAuthenticateRequest(object sender, EventArgs e)
7 {
8 // Here's where the work of authentication takes place.
9 }
10
VB.Net
1 Public Sub Init(ByVal context As System.Web.HttpApplication) _
2 Implements System.Web.IHttpModule.Init
3
4 AddHandler context.AuthenticateRequest, _
5 New EventHandler(AddressOf Me.OnAuthenticateRequest)
6 End Sub
7
8 Private Sub OnAuthenticateRequest(ByVal source As Object, ByVal eventArgs _
9 As EventArgs)
10 ' Here's where the work of authentication takes place.
11 End Sub
12
3. Install the Smart Card HttpModule into your ASP.NET application using the Web.Config and deny all anonymous users in the authorization section.
1 <configuration>
2 <system.web>
3 <httpModules>
4 <add name="SmartCardAuthentication"
5 type="SmartCardAuthentication.SmartCardAuthenticationModule,
6 SmartCardAuthentication" />
7 </httpModules>
8 <authorization>
9 <!-- Deny all Anonymous Users -->
10 <deny users="?" />
11 </authorization>
12 </system.web>
13 </configuration>
14
Once added to the web.config, re-run the code that displays installed HTTP Modules. The SmartCardAuthentication module should show up in the pipeline:
Figure 3 – ASPX page shows that the Smart Card module is installed.
In Figure 2, the addition of SmartCardAuthentication in the list. This is how you can tell if your module is installed and running correctly.
Above is the most basic skeleton of code I’ll be working from, but before getting into the details of the code, IIS must be configured to support Smart Card Authentication.
Two Important Points about IIS Configuration as it relates to Smart Cards/Client Certificates:
- If IIS is not configured to actually accept and present the Client/Smart Card Certificate (by way of the HttpCertificate object) to ASP.NET, it is critical that the SmartCardAuthenticationModule code deny access to anyone accessing the site – using the principal of failing securely.
- On the flip side, if IIS is not configured to limit what Certificates are acceptable through the Certificate Trust Lists (CTL), the web server will inappropriately grant permissions to more users then expected. We can do some extra checks in code as well to fail securely in this case as well.
Previous Page: Introduction Next Page: IIS Configuration
Page 2 of 9
0 comments:
Post a Comment