Neowin Login Services (NELT.NET 2.0)

By Antaris
in Software created by our members

 Share

Recommended Posts

Grand Master

Antaris Veteran

Posted
  • Veteran
Posted (edited)

Building on the work done with the Neowin External Login Tool (NELT), I've rebuilt a set of ASP.NET classes which will allow you to integrate the NELT functionality into your own ASP.NET websites.

Let's get some explaining done; The Neowin Login Services library is a .NET implementation of the external Neowin.net authentication mechanism. The mechanism is as follows:

1. Check for an existing login ticket.

1.a. If one does not exist, forward the user to Neowin.net where they can log in.

1.b. After a succesful login, redirect the user back to the website, with a ticket id.

2. Check the validaty of the ticket using the CheckTicket service provided by Neowin.net

2.a. If the ticket is valid, retrieve the available user details.

This specific implementation deals with this a specific way:

1. An IHttpModule which checks to see if the ticket exists. If the ticket does not exist, this module will forward the user to the Neowin.net external login script. This is built as a module so that its functionality can be automatically be called if the presence of a RequireLoginAttribute is decorating the page class:

[RequireLogin(true)]
public class _Default : System.Web.UI.Page...

2. After a succesful login, Neowin.net will redirect to an IHttpHandler, "Neowin.axd", that will check the validaty of the ticket, and store it in Session. This is built as an IHttpHandler so that functionality, such as Login and Logout can be called at the user request.

3. Parse the response from Neowin.net, and create an instance of NeowinUser which stores the currently authenticated user.

NELT.NET 2.0 stores the authentication in Session, this is to minimise the number of requests needed to be sent to Neowin, and to keep wait times to a minimum.

There are some required configuration changes that need to be made to your web.config in order to use NELT functionality:

1. Enable the configuration by declaring a configuration section (in a group called neowin.net).

	<configSections>
		<sectionGroup name="neowin.net">
			<section name="login" type="Neowin.LoginServices.Configuration.LoginServicesConfigurationSection, Neowin.LoginServices"/>
		</sectionGroup>
	</configSections>

2. Configure the NELT library.

	<neowin.net>
		<login baseUrl="http://localhost/NeowinLoginServices/" imageUrl="http://neowin.fidelitydesign.net/resources/neowin_examplelogin.png"/>
	</neowin.net>

The configuration element allows (currently) two properties. The base url that will be used to both redirect after login, and redirect to the Neowin.axd handler for verification. The image url, is the (as it reads) url for the image that will be displayed on the Neowin external login page.

3. Reference the IHttpHandler and IHttpModule in either the system.web (IIS6 & IIS7 Classic .NET), or system.webserver (IIS7 Integrated)

IIS6 & IIS7 Classic .NET

	<system.web>
		<httpHandlers>
			<add verb="GET" path="Neowin.axd" type="Neowin.LoginServices.LoginServicesHandler, Neowin.LoginServices"/>
		</httpHandlers>
		<httpModules>
			<add name="LoginService" type="Neowin.LoginServices.LoginServicesModule, Neowin.LoginServices"/>
		</httpModules>
	</system.web>

IIS7 Integrated

	<system.webServer>
		<modules>
			<add name="LoginService" preCondition="managedHandler" type="Neowin.LoginServices.LoginServicesModule, Neowin.LoginServices"/>
		</modules>
		<handlers>
			<add name="LoginService" preCondition="integratedMode" verb="GET" path="Neowin.axd" type="Neowin.LoginServices.LoginServicesHandler, Neowin.LoginServices"/>
		</handlers>
	</system.webServer>

After that (and of course adding the reference to Neowin.LoginServices.dll), you are good to go. You can access the current Neowin.net user in code:

NeowinUser user = NeowinUser.GetUser();
if (user != null)
{
  // Logged in code here
}
else
{
  // Perhaps log in?
  Response.Redirect("Neowin.axd?action=login");
}

The IHttpHandler includes functionality for both logging in and logging out. To login, redirect your users to ~/Neowin.axd?action=login, to logout, redirect your users to ~/Neowin.axd?action=logout. Any other action will simply redirect back to the application base url.

As I stated previously, any Page that has been decorated with the RequireLoginAttribute, the login system will automatically be started if no valid ticket currently exists.

I hope you all find this useful, if you need any help integrating this, let me know.

Whats next? I hope to be able to build an ASP.NET MVC compatable library for those wanting to implement URL rerouting, etc. Also, I might ask the Neowin.net development staff to include more properties, such as a url to the user's avatar.

Ideas? If you have any, let me know!

Source code? If you are interested in the source code for this library, I'll be more than willing to share (need to finish development notes etc.)

Neowin.LoginServices.zip

Edited by Antaris
Link to comment
https://www.neowin.net/forum/topic/736472-neowin-login-services-neltnet-20/
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Politically funny images of the World

      By snowy owl · Posted

    • BleachBit 6.0.1 Beta

      By Copernic · Posted

      BleachBit 6.0.1 Beta by Razvan Serea When your computer is getting full, BleachBit quickly frees disk space. When your information is only your business, BleachBit guards your privacy. With BleachBit you can free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean thousands of applications including Firefox, Microsoft Edge, Google Chrome, Opera, Safari, and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source. BleachBit has many useful features: Delete your private files so completely that "even God can't read them" according to South Carolina Representative Trey Gowdy. Simple operation: read the descriptions, check the boxes you want, click preview, and click delete. Multi-platform: Linux and Windows Free of charge and no money trail Free to share, learn, and modify (open source) No adware, spyware, malware, browser toolbars, or "value-added software" Translated to 64 languages besides American English Shred files to hide their contents and prevent data recovery Shred any file (such as a spreadsheet on your desktop) Overwrite free disk space to hide previously deleted files Portable app for Windows: run without installation Command line interface for scripting and automation CleanerML allows anyone to write a new cleaner using XML Automatically import and update winapp2.ini cleaner files (a separate download) giving Windows users access to 2500+ additional cleaners Frequent software updates with new features Going beyond standard deletion of files, BleachBit has several advanced cleaners: Clear the memory and swap on Linux Delete broken shortcuts on Linux Delete the Firefox URL history without deleting the whole file—with optional shredding Delete Linux localizations: delete languages you don't use. More powerful than localepurge and available on more Linux distributions. Clean APT for Debian, Ubuntu, Kubuntu, Xubuntu, and Linux Mint Find widely-scattered junk such as Thumbs.db and .DS_Store files. Execute yum clean for CentOS, Fedora, and Red Hat to remove cached package data Delete Windows registry keys—often where MRU (most recently used) lists are stored Delete the OpenOffice.org recent documents list without deleting the whole Common.xcu file Overwrite free disk space to hide previously files Vacuum Firefox, Google Chrome, Liferea, Thunderbird, and Yum databases: shrink files without removing data to save space and improve speed Surgically remove private information from .ini and JSON configuration files and SQLite3 databases without deleting the whole file Overwrite data in SQLite3 before deleting it to prevent recovery (optional) BleachBit 6.0.1 Beta release notes: BleachBit 6.0.1 beta is now available for testing. This maintenance-focused release includes bug fixes, updated translations, and a range of safe enhancements. This release fixes a Windows security issue that could allow arbitrary file deletion during privileged cleaning (reported by Zeze with TeamT5). It also adds new cleaners (including a DNS cache cleaner, Claude Code, and Visual Studio Code forks), support for multiple Chrome and Edge profiles, new deep scan options for developer directories like node_modules and venv, and safer, faster file shredding. All Platforms Added cleaners for Claude Code, DNS cache, and many Visual Studio Code forks. Added support for multiple Chrome and Edge profiles. Chrome can now clean downloaded AI models. Deep Scan can optionally remove venv, __pycache__, node_modules, and .angular directories. Deep Scan is faster by skipping directories on the keep list. File shredding is safer, faster, and leaves fewer recoverable traces. Improved handling of cookies, symlinks, Unicode filenames, external processes, and configuration files. Improved Expert Mode warnings and long warning dialogs. Fixed crashes related to cleaner detection, invalid Unicode, and malformed cleaner data. Clipboard is now cleared automatically after shredding files via paste operations. Linux Added AppImage support. Added cleaners for Visual Studio Code, Codeium, Librewolf (.deb), Transmission (Flatpak), and Profanity. Improved Linux trash detection, including Snap-installed applications and mounted drives. Fixed Wayland root CLI issues and several Snap-related problems. Improved package dependencies, AppStream metadata, and desktop file handling. Fixed startup crashes when Python Requests is unavailable. Windows Fixed a security vulnerability that could allow arbitrary file deletion when cleaning with elevated privileges. Added %WindowsSystem% variable support. Improved clipboard clearing using native Windows APIs. Improved installer experience on unsupported Windows versions. Reduced installer size and improved application robustness. Fixed Unicode handling, filename anonymization, Git revision reporting, and splash screen stability. [full release notes] Download: BleachBit 6.0 | Portable | ~20.0 MB (Open Source) View: BleachBit Home page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • DriversCloud 12.1.6

      By Copernic · Posted

      DriversCloud 12.1.6 by Razvan Serea With DriversCloud (formerly My-Config.com), you can explore your computer easily, safely and free. The application quickly scans your PC and identifies the hardware and software components. DriversCloud then establishes a list of the different drivers compatible with your OS and hardware. Download the drivers needed for the proper functioning of your computer. To detect your drivers, DriversCloud also displays a detailed summary of your hardware and software configuration, analyzes your BSOD, monitors in real-time your PC voltages and temperatures and lets you share your configuration online. Once the hardware components have been detected, you will be able to obtain with just a few clicks the latest drivers corresponding to the identified hardware. You can record your configuration on the site for free, and can get the corresponding URL to post the configuration to technical forums, e-mail and social networks. You can also download the detection result (the configuration) as a PDF file. To protect the user's privacy and data confidentiality, a 4-level confidentiality system was created that filters the XML marks and gives control to the user. The default level can be modified in the preferences. Using the maximum level will prevent the user from publishing his configuration and generating a corresponding PDF file. In non-connected mode, each XML configuration is stored on the server for one day (for practical reasons). However, you are given the opportunity to manually delete it. Created in 2004, and continually improved, My-Config.com has established itself on the web as a free service to PC users running Windows and Linux operating systems. The service is designed to work with the most common Internet browsers (Edge, Firefox, Chrome, Safari). Download: DriversCloud 64-bit | 20.0 MB (Freeware) Download: DriversCloud 32-bit | 18.9 MB Link: DriversCloud Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Microsoft about to radically change how often your Edge browser updates

      By +mram · Posted

      Ummmm Read my comment again.
    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • One Month Later
      AndreaB earned a badge
      One Month Later
    • One Month Later
      agatameier earned a badge
      One Month Later
    • Week One Done
      agatameier earned a badge
      Week One Done
    • Week One Done
      ssd21345 earned a badge
      Week One Done
    • Contributor
      MarkHughes4096 went up a rank
      Contributor

  • Popular Contributors

    1. 1
      +primortal
      516
    2. 2
      +Edouard
      189
    3. 3
      PsYcHoKiLLa
      148
    4. 4
      ATLien_0
      96
    5. 5
      Steven P.
      76
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!