Antaris Veteran Posted February 16, 2009 Veteran Share Posted February 16, 2009 (edited) Building on the work done with the Neowin External Login Tool (NELT), I've rebuilt a set of ASP.NET classes which will allow you to integrate the NELT functionality into your own ASP.NET websites. Let's get some explaining done; The Neowin Login Services library is a .NET implementation of the external Neowin.net authentication mechanism. The mechanism is as follows: 1. Check for an existing login ticket. 1.a. If one does not exist, forward the user to Neowin.net where they can log in. 1.b. After a succesful login, redirect the user back to the website, with a ticket id. 2. Check the validaty of the ticket using the CheckTicket service provided by Neowin.net 2.a. If the ticket is valid, retrieve the available user details. This specific implementation deals with this a specific way: 1. An IHttpModule which checks to see if the ticket exists. If the ticket does not exist, this module will forward the user to the Neowin.net external login script. This is built as a module so that its functionality can be automatically be called if the presence of a RequireLoginAttribute is decorating the page class: [RequireLogin(true)] public class _Default : System.Web.UI.Page... 2. After a succesful login, Neowin.net will redirect to an IHttpHandler, "Neowin.axd", that will check the validaty of the ticket, and store it in Session. This is built as an IHttpHandler so that functionality, such as Login and Logout can be called at the user request. 3. Parse the response from Neowin.net, and create an instance of NeowinUser which stores the currently authenticated user. NELT.NET 2.0 stores the authentication in Session, this is to minimise the number of requests needed to be sent to Neowin, and to keep wait times to a minimum. There are some required configuration changes that need to be made to your web.config in order to use NELT functionality: 1. Enable the configuration by declaring a configuration section (in a group called neowin.net). <configSections> <sectionGroup name="neowin.net"> <section name="login" type="Neowin.LoginServices.Configuration.LoginServicesConfigurationSection, Neowin.LoginServices"/> </sectionGroup> </configSections> 2. Configure the NELT library. <neowin.net> <login baseUrl="http://localhost/NeowinLoginServices/" imageUrl="http://neowin.fidelitydesign.net/resources/neowin_examplelogin.png"/> </neowin.net> The configuration element allows (currently) two properties. The base url that will be used to both redirect after login, and redirect to the Neowin.axd handler for verification. The image url, is the (as it reads) url for the image that will be displayed on the Neowin external login page. 3. Reference the IHttpHandler and IHttpModule in either the system.web (IIS6 & IIS7 Classic .NET), or system.webserver (IIS7 Integrated) IIS6 & IIS7 Classic .NET <system.web> <httpHandlers> <add verb="GET" path="Neowin.axd" type="Neowin.LoginServices.LoginServicesHandler, Neowin.LoginServices"/> </httpHandlers> <httpModules> <add name="LoginService" type="Neowin.LoginServices.LoginServicesModule, Neowin.LoginServices"/> </httpModules> </system.web> IIS7 Integrated <system.webServer> <modules> <add name="LoginService" preCondition="managedHandler" type="Neowin.LoginServices.LoginServicesModule, Neowin.LoginServices"/> </modules> <handlers> <add name="LoginService" preCondition="integratedMode" verb="GET" path="Neowin.axd" type="Neowin.LoginServices.LoginServicesHandler, Neowin.LoginServices"/> </handlers> </system.webServer> After that (and of course adding the reference to Neowin.LoginServices.dll), you are good to go. You can access the current Neowin.net user in code: NeowinUser user = NeowinUser.GetUser(); if (user != null) { // Logged in code here } else { // Perhaps log in? Response.Redirect("Neowin.axd?action=login"); } The IHttpHandler includes functionality for both logging in and logging out. To login, redirect your users to ~/Neowin.axd?action=login, to logout, redirect your users to ~/Neowin.axd?action=logout. Any other action will simply redirect back to the application base url. As I stated previously, any Page that has been decorated with the RequireLoginAttribute, the login system will automatically be started if no valid ticket currently exists. I hope you all find this useful, if you need any help integrating this, let me know. Whats next? I hope to be able to build an ASP.NET MVC compatable library for those wanting to implement URL rerouting, etc. Also, I might ask the Neowin.net development staff to include more properties, such as a url to the user's avatar. Ideas? If you have any, let me know! Source code? If you are interested in the source code for this library, I'll be more than willing to share (need to finish development notes etc.) Neowin.LoginServices.zip Edited February 17, 2009 by Antaris Link to comment https://www.neowin.net/forum/topic/736472-neowin-login-services-neltnet-20/ Share on other sites More sharing options...
Rob Veteran Posted February 17, 2009 Veteran Share Posted February 17, 2009 Superb work, thanks! Link to comment https://www.neowin.net/forum/topic/736472-neowin-login-services-neltnet-20/#findComment-590589886 Share on other sites More sharing options...
Recommended Posts