I’ve just rolled a new Padarn release – version 1.4.10126 – to add a new Authentication feature. In previous versions of Padarn, you had to put your username/password pairs into the WebServer’s configuration file. This isn’t too useful if you want to do run-time checking of credentials against something like a database.
Currently Padarn using what would be an analog to IIS authentication – that is to say that the user credentials are checked before any page code is run. This means that, for now anyway, Forms authentication is not an option. Instead I opted to allow you to set up the server to give you a callback whenever an authentication request occurs whether you’re using Basic or Digest authentication. For simplicity, the simple act of setting the callback tells the server to no longer look in the user list in the config file.
Setting up for dynamic authentication looks something like this. First, you create your server instance and then simply set the authentication callback:
m_ws = new WebServer();
m_ws.Configuration.Authentication.AuthenticationCallback = VerifyUsername;
And then you might define you callback like this (note that I’ve desinged it to handle both Basic and Digest – you probably would pick just one):
bool VerifyUsername(IAuthenticationCallbackInfo info)
// no username is invalid
if (string.IsNullOrEmpty(info.UserName)) return false;
// first do a lookup of the password – this might come from a database, file, etc
string password = GetPasswordForUser(info.UserName);
if (password == null) return false;
// determine the type
BasicAuthInfo basic = info as BasicAuthInfo;
if (basic != null)
// we’re using basic auth
return (basic.Password == password);
// it wasn’t basic, so it must be digest
DigestAuthInfo digest = info as DigestAuthInfo;
The GetPasswordForUser function would look up a password given a username.