A few days ago, I got the following question about single sign on using ISAPI.
I read some of waht u wrote about ISAPI in http://groups.google.com
I have different servers with different site. Most of them are asp sites and some are asp.net and html (each server has some sites). One of those sites will be the authentication site. If this is valid user (user name /pw or dialing using our phone number) then she/he can view the other sites .How can I handle this problem? How can I share data between those sites? (Like session and cookies with in one site)
I thought ISAPI can handel this am I right?
so this is my first ISAPI(ISAPI for authenticate the user to view a site) and I have some problems with it:(
1-I overrided the funtion OnAuthentication to do the following:
check the username and password form Database(Sql 2000 server) if valid returns SF_STATUS_REQ_HANDLED_NOTIFICATION
2-I made a new site in the IIS and add the filter to it & made the authentication basic(I guess this is form where the OnAuthentication takes the username and password) am I right?
3-I run REGEDT32.EXE and modify the server's registry as follows. Select the Filter DLLs key in HKEY_LOCAL_MACHINE\CurrentControlSet\Services\W3SVC\Parameters and add my dll.
Is there somthing missing in those steps in order to make the ISAPI works?
Thx for any help u can offer
First, you must realize that this is a really loaded question that people usually get paid consulting to handle. Since you are implementing it, I am not going to give any details but instead just point out the general issues that you must handle. You must have a good idea of HTTP (read RFC2616) and the general design of your custom authentication protocol before you think about the technologies necessary to build it. Of course, ISAPI can handle this task, but until you have a good handle on what the tasks are, ISAPI will not be useful.
Based on your description, I am certain your filter is not even close to working as you want. You have not solved the following problems:
If this looks daunting, you may want to consider using ASP.Net 2.0 on IIS6 and wildcard scriptmap ASP.Net ISAPI to allow you to write HttpHandlers and HttpModules to do what you want. It will still protect ASP content, and you get to re-leverage a lot of the capabilities in ASP.Net that you have not written yourself. And yes, it is still an ISAPI (the ASP.Net ISAPI) that is doing the real work. It is just a different extensibility interface.