| ![]() |
In case of Integrated Windows authentication your application delegates the authentication responsibility to the underlying IIS.
<authentication mode="Windows" />
<httpModules>
<remove name="FileAuthorization"/>
</httpModules>
<httpModules>
<clear />
<add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>
</httpModules>
Note that Microsoft WebFolder WebDAV client will not work with digest authentication in case of IWA. If you would like to use Web Folders client together with digest authentication you must provide custom implementation of digest protocol.
In your code you will be able to access logged in user using HttpContext.Current.User.Identity property:
public override
WebDAVResponse Delete()
{
...
if(HttpContext.Current.User.Identity.Name.ToLower()
!= "domain\\user1")
return new AccessDeniedResponse();
// sets 401 status code
...
return
new NoContentResponse();
}
If you return AccessDeniedResponse class from your method implementation the engine sets 401 status code and standard WindowsAuthentication module provided by ASP.NET will attach WWW-Authenticate header. When the client application receives WWW-Authenticate header it shows login dialog.
Cofiguring Impersonation
Impersonation is required if you would like your WebDAV server to run on behalf of the Windows user accessing the server. To setup impersonation configure IWA as described above and add identity tag to your web.config file:
<configuration>
<system.web>
<identity impersonate="true" />
...
</system.web>
...
</configuration>
To authenticate against your credential store using basic authentication you must first extract base64-encoded user name and password sent by client. The credentials are stored in Authorization request header. Usually you will create custom HttpModule for this purpose. BasicAuthenticationModule class provided with SqlStorage WebDAV server sample demonstrates this approach. You will have to replace BasicAuthenticationModule.Authenticate method implementation with a check against your custom users store.
To setup basic authentication:
<httpModules>
<remove name="FileAuthorization"/>
<add name="BasicAuthenticationModule" type="WebDAVServer.SqlStorage.BasicAuthenticationModule, WebDAVServer.SqlStorage" />
</httpModules>
To verify if user was authenticated you can use HttpContext.Current.Request.IsAuthenticated property:
public class
WebDAVHandler : IHttpHandler
{
public
void ProcessRequest(HttpContext context)
{
if(!context.Request.IsAuthenticated)
return;
WDEngine engine = new WDEngine();
WDRequest request = new WDRequest();
WDResponse response = new WDResponse();
engine.Run(request,
response);
}
...
}
To access logged in user you can use HttpContext.Current.User.Identity call. If you return AccessDeniedResponse class from your method implementation the engine sets 401 response status code making BasicAuthenticationModule class send ‘WWW-Authenticate: Basic’ header. When the client application receives WWW-Authenticate header it shows login dialog.
public WebDAVResponse
CreateFolder(string name)
{
if(HttpContext.Current.User.Identity.Name!="User1")
return new AccessDeniedResponse();
...
}