Building and Installing the Smart Card HttpModule

8:38 PM j. montgomery 8 Comments

Page 2 of 9


The IHttpModule interface we need to implement is very simple. Here is the interface, as defined by Microsoft in the .NET Framework. IHttpModule is in the System.Web namespace:

C#

interface IHttpModule
{
    // called to attach module to app events
    void Init(HttpApplication app);
    // called to clean up
    void Dispose();
}

VB.Net

Interface IHttpModule
    ' called to attach module to app events
    Sub Init(ByVal app As HttpApplication)
    ' called to clean up
    Sub Dispose()
End Interface

To get a basic HTTP Module up and functioning is incredibly trivial. There are really only three steps involved:

1. Create a class that Implements IHttpModule


C#


using System.Web;

public class SmartCardAuthenticationModule : IHttpModule
{
    // called by ASP.NET to attach the module to application events
    public void Init(HttpApplication context)
    {
    }

    // called by ASP.NET to clean up
    public void Dispose()
    {
    }
}

VB.Net

Public Class SmartCardAuthenticationModule
    Implements System.Web.IHttpModule

    Public Sub Init(ByVal context As System.Web.HttpApplication) _
        Implements System.Web.IHttpModule.Init
    End Sub

    Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
    End Sub
End Class

2. Next wire up the events to handle in the Init() method of the class – compile it in an assembly that you reference in your web project (or include it in your web project directly).

C#


public void Init(HttpApplication context)
{
    // subscribe to the pipeline's authentication event
    context.AuthenticateRequest += new EventHandler(this.OnAuthenticateRequest);
}

private void OnAuthenticateRequest(object sender, EventArgs e)
{
    // Here's where the work of authentication takes place.
}

VB.Net

Public Sub Init(ByVal context As System.Web.HttpApplication) _
    Implements System.Web.IHttpModule.Init

    AddHandler context.AuthenticateRequest, _
        New EventHandler(AddressOf Me.OnAuthenticateRequest)
End Sub

Private Sub OnAuthenticateRequest(ByVal source As Object, ByVal eventArgs _
    As EventArgs)
    ' Here's where the work of authentication takes place.
End Sub

3. Install the Smart Card HttpModule into your ASP.NET application using the Web.Config and deny all anonymous users in the authorization section.

<configuration>
  <system.web>
    <httpModules>
      <add name="SmartCardAuthentication"
           type="SmartCardAuthentication.SmartCardAuthenticationModule,
                 SmartCardAuthentication" />
    </httpModules>
    <authorization>
      <!-- Deny all Anonymous Users -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

Once added to the web.config, re-run the code that displays installed HTTP Modules. The SmartCardAuthentication module should show up in the pipeline:

Figure 3 – ASPX page shows that the Smart Card module is installed.


In Figure 2, note the addition of SmartCardAuthentication to the list. This is how you can tell if your module is installed and running correctly.


Above is the most basic skeleton of code I’ll be working from, but before getting into the details of the code, IIS must be configured to support Smart Card Authentication.

Two Important Points about IIS Configuration as it relates to Smart Cards/Client Certificates:


  • If IIS is not configured to actually accept and present the Client/Smart Card Certificate (by way of the HttpCertificate object) to ASP.NET, it is critical that the SmartCardAuthenticationModule code deny access to anyone accessing the site, following the principle of failing securely.
  • On the flip side, if IIS is not configured to limit which certificates are acceptable through the Certificate Trust Lists (CTL), the web server will inappropriately grant permissions to more users than expected. We can do some extra checks in code to fail securely in this case as well.
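
The two points above, written as a module whose OnAuthenticateRequest rejects the request unless every certificate check passes. This is an added example, not the author's module from the later pages; the class name FailSecureSmartCardModule, the TrustedIssuer value and the choice of a 403 response are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web;

public class FailSecureSmartCardModule : IHttpModule
{
    // Assumption: placeholder issuer string. Use the exact issuer text IIS
    // reports for the CA that issues your smart cards.
    private const string TrustedIssuer = "CN=Example Smart Card CA, O=Example, C=US";

    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(this.OnAuthenticateRequest);
    }

    private void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpClientCertificate cert = app.Request.ClientCertificate;

        string reason = RejectionReason(cert, DateTime.Now);
        if (reason != null)
        {
            // Fail securely: no principal is set and the request ends here.
            app.Response.StatusCode = 403;
            app.Response.StatusDescription = "Client certificate rejected";
            app.Context.Trace.Warn("SmartCard", reason);
            app.CompleteRequest();
            return;
        }

        // Only reached when IIS presented a certificate that passed every check.
        app.Context.User = new GenericPrincipal(
            new GenericIdentity(cert.Subject, "SmartCard"), new string[0]);
    }

    // Returns null only when every check passes; any doubt is a rejection.
    private static string RejectionReason(HttpClientCertificate cert, DateTime now)
    {
        // First point: IIS is not passing a client certificate to ASP.NET.
        if (cert == null || !cert.IsPresent) return "IIS presented no client certificate";
        if (!cert.IsValid) return "certificate failed IIS validation";
        if (now < cert.ValidFrom || now > cert.ValidUntil) return "certificate outside its validity period";
        // Second point: extra check in code in case the CTL is too permissive.
        if (!string.Equals(cert.Issuer, TrustedIssuer, StringComparison.OrdinalIgnoreCase))
            return "issuer is not the expected smart card CA";
        return null;
    }

    public void Dispose() { }
}
```

The issuer comparison supplements the IIS Certificate Trust List rather than replacing it: chain validation is still done by IIS, and the string check only narrows which already-validated certificates the application accepts.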


8 comments:

  1. Hey, j. montgomery,

    One question please: how do I compile an .aspx file into an assembly?
    How do I make the reference to my web project?

    I am new to ASP.NET, thanks a lot in advance!

  2. I'm not sure I completely follow.

    "How do I compile an .aspx file in to assembly"

    The aspx pages get compiled into assemblies automatically by ASP.NET on the web server.

    "How do I make the reference to my web project."

    What exactly are you trying to reference?

  3. Hello sir,
    I have a scenario like this. When the user clicks on the URL of my web application, it should ask for a smart card login. As soon as the user swipes/inserts the card, it should bring up a screen for entering the PIN. Once the PIN is entered, the user is now successfully logged in.

  4. Sorry, but I didn't get the second page.

    I get the following error:


    Compilation Error
    Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.

    Compiler Error Message: BC31035: Interface 'System.Web.IHttpModule' is not implemented by this class.

    Source Error:



    Line 14:
    Line 15:
    Line 16: Public Sub Init(ByVal context As System.Web.HttpApplication) implements System.Web.IHttpModule.Init
    Line 17:
    Line 18: AddHandler context.AuthenticateRequest, New EventHandler(AddressOf Me.OnAuthenticateRequest)


    Source File: D:\wap\dotnet\test2.aspx Line: 16

    Please answer soon. I need help.

  5. Anikkket, so sorry about the delayed response.

    I suspect the SmartCardAuthenticationModule isn't getting loaded from the Web.config file. Can you verify that your web.config file is configured properly?

  6. Added info to web.config but keep getting this error:

    Configuration Error
    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: Could not load file or assembly 'SmartCardAuthentication' or one of its dependencies. The system cannot find the file specified. (C:\Documents and Settings\My Documents\Visual Studio 2008\WebSites\STARPUBS_WEBSITE\web.config line 116)

    Source Error:


    Line 114:
    Line 115: add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
    Line 116: add name="SmartCardAuthentication" type="SmartCardAuthentication.SmartCardAuthenticationModule,SmartCardAuthentication"
    Line 117:
    Line 118:


    Source File: C:\Documents and Settings\My Documents\Visual Studio 2008\WebSites\STARPUBS_WEBSITE\web.config Line: 116

  7. Is it me or is this plagiarized from http://www.atgi.com/dist/Implementing%20Smart%20Card%20Authentication%20and%20Authorization%20with%20ASP.NET.pdf

  8. Noticed the name at the bottom--oops.
