Authentication using HttpModule

[don smolen]

I know that we can perform authentication of .aspx pages with an HttpModule, and that the same module can probably be used for static content (.htm, .jpg, etc.) by sending them through the ASP.Net pipeline. Can this approach be extended to include non-ASP.Net dynamic pages such as .asp and .jsp? I can't see any way to get ASP.Net to process an asp page when IIS is sending it to asp.dll, and if I send it to aspnet_isapi.dll, how will asp ever get it? Am I missing something or is an ISAPI filter the only way to authenticate all pages on a very heterogenous web server? TIA.

[bruce barker]

you're analysis is correct. you could write an ISAPI filter that hosted a
..net domain, and loaded its own modules.


-- bruce (sqlwork.com)



"don smolen" <dsmolen A T deloitte D O T com> wrote in message
news:91E3A23A-BD81-4637-B542-10C2AFA75788@microsoft.com...

> I know that we can perform authentication of .aspx pages with an

HttpModule, and that the same module can probably be used for static content
(.htm, .jpg, etc.) by sending them through the ASP.Net pipeline. Can this
approach be extended to include non-ASP.Net dynamic pages such as .asp and
..jsp? I can't see any way to get ASP.Net to process an asp page when IIS is
sending it to asp.dll, and if I send it to aspnet_isapi.dll, how will asp
ever get it? Am I missing something or is an ISAPI filter the only way to
authenticate all pages on a very heterogenous web server? TIA.

[clintonG]

You got to read "Essential ASP.NET with Examples in C#" by Fritz
Onion as there is an entire section of the book that covers the ASP.NET
HTTP Pipeline in detail.

That said, I just started that section and scanned through looking for
discussion related to processing of the .asp extension but Fritz did not
cover old ground.

As I recall however, asp.dll functioned as an ISAPI filter while
aspnet_isapi.dll
functions as an ISAPI extension. I believe understanding the difference
will prove
important but I have yet to determine how with regard to processing .asp
requests.

I'll certainly be watching this thread if you or others have something
to add...

--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL [url]http://www.metromilwaukee.com/clintongallagher/[/url]




"don smolen" <dsmolen A T deloitte D O T com> wrote in message
news:91E3A23A-BD81-4637-B542-10C2AFA75788@microsoft.com...

> I know that we can perform authentication of .aspx pages with an

HttpModule, and that the same module can probably be used for static
content (.htm, .jpg, etc.) by sending them through the ASP.Net pipeline.
Can this approach be extended to include non-ASP.Net dynamic pages such
as .asp and .jsp? I can't see any way to get ASP.Net to process an asp
page when IIS is sending it to asp.dll, and if I send it to
aspnet_isapi.dll, how will asp ever get it? Am I missing something or is
an ISAPI filter the only way to authenticate all pages on a very
heterogenous web server? TIA.