Dynamic Authentication with Padarn

I’ve just rolled a new Padarn release – version 1.4.10126 – to add a new Authentication feature.  In previous versions of Padarn, you had to put your username/password pairs into the WebServer’s configuration file.  This isn’t too useful if you want to do run-time checking of credentials against something like a database.


Currently Padarn using what would be an analog to IIS authentication – that is to say that the user credentials are checked before any page code is run.  This means that, for now anyway, Forms authentication is not an option.  Instead I opted to allow you to set up the server to give you a callback whenever an authentication request occurs whether you’re using Basic or Digest authentication.  For simplicity, the simple act of setting the callback tells the server to no longer look in the user list in the config file.


Setting up for dynamic authentication looks something like this.  First, you create your server instance and then simply set the authentication callback:


m_ws = new WebServer();
m_ws.Configuration.Authentication.AuthenticationCallback = VerifyUsername;


And then you might define you callback like this (note that I’ve desinged it to handle both Basic and Digest – you probably would pick just one):


bool VerifyUsername(IAuthenticationCallbackInfo info)
{
  // no username is invalid
  if (string.IsNullOrEmpty(info.UserName)) return false;

  // first do a lookup of the password – this might come from a database, file, etc
  string password = GetPasswordForUser(info.UserName);
  if (password == null) return false;

  // determine the type
  BasicAuthInfo basic = info as BasicAuthInfo;
  if (basic != null)
  {
    // we’re using basic auth
    return (basic.Password == password);
  }

  // it wasn’t basic, so it must be digest
  DigestAuthInfo digest = info as DigestAuthInfo;
  return digest.MatchCredentials(password);
}


The GetPasswordForUser function would look up a password given a username.
 

2 thoughts on “Dynamic Authentication with Padarn”

  1. $3000 for a web server on CE? Someone could just buy a full micro PC and load Windows 2003 Server Web Edition on it for less. Sure, that is for up to 1000 devices, but it completely elimiates your product for all small scale projects. Besides, per device licensing is a poor model for .NET programming anyways.

    Finally, this product does not REALLY support ASP.NET. You cannot put your aspx files from a server project in a folder and have Padarn serve them successfully. In fact all your examples show web pages being created with DOM code. That is not really ASP.NET.

    Like

  2. Sure, you could build a Micro-PC running Windows Server. A CE license is $3, a Server 2003 license is probably $200 off of eBay a 2008 license is over $1k. It doesn’t take many devices before you cross break-even and availability is important to some projects.. There are a lot of other reasons CE might be better than XP or Windows Server in many, many applications.

    As far as ASP.NET support, your argument would also then hold that since you can’t take a desktop assembly and run it against the CF then the Compact Framework isn’t really .NET. Assets written for Padarn will run under IIS, not necessarily the reverse.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s