1

Our organization is planning on using Webseal as a proxy sitting in front of our .net web sites. We are currently using .net forms authentication and a custom membership provider against a custom sql server user table.

Under this new model, all authentication would be done by the webseal layer. From what I understand, once authenticated, webseal would just add a token in the header indicating that the user is authenticated along with the userid.

I'd like our apps to work with no changes so I want to build something to shield them from the details of webseal by building some layer that converts the webseal token to a regular .net token.

I'm not sure where this should be done...in some kind of custom authentication provider, or a new membership provider or ? I don't want any of our apps to have to make any changes other than to maybe use this new code if it is an http module or other provider.

Has anyone done this type of thing? What would be a good strategy for this. I've heard of Windows Identity Framework but not sure if it is the right solution for this.

Any advice or direction would be helpful.

user1104915
  • 11
  • 1

2 Answers2

1

If the authentication information is provided (in a header), then the easiest way to be able to use it down the request pipeline would be to write a custom module.

A module is a class implementing the IHttpModule interface. In its Init method you attach a custom handler to the AuthenticateRequest of the HttpApplication. Your custom handler should be responsible for recreating the identity, i.e. setting the HttpContext's User to any object implementing IPrincipal (you can use the builtin GenericPrincipal).

Then you register your module in a proper section of the web.config and you are done.

For further details, ask google about "c# custom authentication module".

Wiktor Zychla
  • 47,367
  • 6
  • 74
  • 106
0

Assuming you are using MVC, according to this IBM sample, you can add a customized action filter to convert the user info in WebSEAL header to an authenticated user.

Calvin
  • 1,153
  • 2
  • 14
  • 25