开发者

How to skip authentication for certain user agentes on IIS7?

问答 作者:

I'm writting a software in C# and .NET to manage my store, which has a site where you can go and opt in to receive a sellers person visit. This site has an behind the scenes manager, but I want the software to do this instead, effectively removing the browser manager and the first step towards this goal is to allow the software access to a PHP script that generates tha XML file required.

The problem is, the login mechanics, written in C# and using web.config, doesn't allow开发者_高级运维 the software to access the said script, which is inside a protected folder for the browser manager. I already tried using HttpWebRequest object, WebClient object with lots os combinations of post, credentials, streams and even a special user-agent to try and login, without success, I can only download the login page.

Here's the code I'm using to download data at the moment (That's my latest try, using the special header):

string agent = "AGENT"; //Not real name, it's just confidential
WebClient client = new WebClient();
client.Headers["HTTP_USER_AGENT"] = agent;
client.DownloadFileCompleted += new AsyncCompletedEventHandler(DownloadFileCompletedEvtHdl);
client.DownloadProgressChanged += new DownloadProgressChangedEventHandler(DownloadProgressChangedEvtHdl);
if (!Directory.Exists(toSavePath))
{
   Directory.CreateDirectory(toSavePath);
}
 if (File.Exists(toSavePath + filename))
{
   File.Delete(toSavePath + filename);
}
client.DownloadFileAsync(new Uri(url), toSavePath + filename);

The login page is pretty simple, it only assings a click event to the login button to check if the user and password are the same in web.config. If true, got to redirect page, else, error.

So, what's the best method for this? Is there any way to configure IIS7 to skip the authentication on that special user agent or some other custom header? Or I'm going the wrong way?

Thanks in advance!

What you want to do is write a HttpModule (or use the global.asax) to hook into the AuthorizeRequest event.

At this stage you can verify whatever allows your user to bypass logging in and you can then set

context.SkipAuthorization = true

http://csharpdotnetfreak.blogspot.com/2009/04/aspnet-bypass-forms-authentication.html

继续阅读:asp.netauthenticationiis-7

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9