Compiling the Custom Module
Before you can use the XmlAuthentication module, you must first compile the module and move it to your application /bin directory. The complete code for the module is included in Listing 8. You can link to the XmlAuthenticationModule.vb file here.
Listing 8XmlAuthenticationModule.vb File
Imports System Imports System.Web Imports System.Security.Principal Imports System.Data Imports System.Collections Imports System.Web.Caching Public Class XmlAuthenticationModule Implements IHttpModule ' Register Event Handlers Public Sub Init( application As HttpApplication ) _ Implements IHttpModule.Init AddHandler Application.AuthenticateRequest, AddressOf XmlAuthenticate AddHandler Application.AuthorizeRequest, AddressOf XmlAuthorize End Sub ' Handle AuthenticateRequest Event Private Sub XmlAuthenticate( s As Object, e As EventArgs ) Dim application As HttpApplication Dim strUserID As String Dim objIdentity As GenericIdentity Dim objPrincipal As GenericPrincipal Dim arrRoles As String() application = CType( s, HttpApplication ) strUserID = application.Request.Params( "XmlUserID" ) If strUserID = Nothing Then strUserID = "anonymous" End If strUserID = strUserID.ToLower() objIdentity = New GenericIdentity( strUserID, "XML" ) arrRoles = GetRoles( strUserID, application ) objPrincipal = New GenericPrincipal( objIdentity, arrRoles ) application.Context.User = objPrincipal End Sub ' Retrieve List of User Roles from XML File Function GetRoles( strUserID As String, application as HttpApplication ) As String() Dim dstUsers As DataSet Dim drowRoleList As DataRow() Dim drowRole As DataRow Dim colRoles As ArrayList Dim strFilePath As String dstUsers = application.Context.Cache( "XmlRoles" ) If dstUsers Is Nothing Then dstUsers = New DataSet strFilePath = application.Server.MapPath( application.Request.ApplicationPath & "/XmlRoles.xml" ) dstUsers.ReadXml( strFilePath ) application.Context.Cache.Insert( "XmlRoles", dstUsers, New CacheDependency( strFilePath ) ) End If drowRoleList = dstUsers.Tables( 0 ).Select( "userID='" & strUserID & "'" ) colRoles = New ArrayList For each drowRole in drowRoleList colRoles.Add( drowRole( "role" ).ToString() ) Next Return colRoles.ToArray( GetType( String ) ) End Function ' Handle Authorization Event Private Sub XmlAuthorize( s As Object, e As EventArgs ) Dim application As HttpApplication Dim arrAuthRoles As DataRow() Dim drowRole As DataRow Dim blnAuthorized = False application = CType( s, HttpApplication ) arrAuthRoles = GetAuthRoles( application.Request.Path, application ) For Each drowRole in arrAuthRoles If application.User.IsInRole( drowRole( "role" ) ) Then blnAuthorized = True End If Next If Not blnAuthorized Then application.Response.Write( "<h1>Forbidden!<h1>" ) application.Response.End End If End Sub ' Get List of Authorized Roles Function GetAuthRoles( strUrl As String, application As HttpApplication ) As DataRow() Dim dstAuthRoles As DataSet Dim drowRoleList As DataRow() Dim drowRole As DataRow Dim colRoles As ArrayList Dim strFilePath As String dstAuthRoles = application.Context.Cache( "XmlAuthRoles" ) If dstAuthRoles Is Nothing Then dstAuthRoles = New DataSet strFilePath = application.Server.MapPath( application.Request.ApplicationPath & "/XmlAuthRoles.xml" ) dstAuthRoles.ReadXml( strFilePath ) application.Context.Cache.Insert( "XmlAuthRoles", dstAuthRoles, New CacheDependency( strFilePath ) ) End If Return dstAuthRoles.Tables( 0 ).Select( "path='" & strUrl & "'" ) End Function ' Perform Module Cleanup Public Sub Dispose() _ Implements IHttpModule.Dispose End Sub End Class
You can compile the class file in Listing 8 with the Visual Basic .NET command line compiler. Switch to the directory that contains the XmlAuthentication module, and execute the following statement from the command prompt:
vbc /t:library /r:System.dll,System.Web.dll,System.data.dll,System.xml.dll XmlAuthenticationModule.vb
This command compiles the source code and creates a new assembly named XmlAuthenticationModule.dll. After the assembly is created, you'll need to move the assembly to the /bin directory located directly beneath your application root directory. If the /bin directory does not exist, you can create it. Moving the assembly to your /bin directory makes the assembly visible to your ASP.NET application.