クライアント認証プロセス中に呼び出される認証モジュールを管理します。
この型のすべてのメンバの一覧については、AuthenticationManager メンバ を参照してください。
System.Object
System.Net.AuthenticationManager
Public Class AuthenticationManager
[C#]
public class AuthenticationManager
[C++]
public __gc class AuthenticationManager
[JScript]
public class AuthenticationManager
スレッドセーフ
この型の public static (Visual Basicでは Shared) のすべてのメンバは、マルチスレッド操作で安全に使用できます。インスタンスのメンバの場合は、スレッドセーフであるとは限りません。
解説
AuthenticationManager は、アプリケーションが使用する認証モジュールを管理する静的クラスです。保護されたリソースに対して要求を行った場合、 AuthenticationManager は Authenticate メソッドを呼び出して、次の要求で使用する Authorization インスタンスを取得します。
AuthenticationManager はモジュールごとに IAuthenticationModule.Authenticate メソッドを呼び出して、登録された各認証モジュールに照会します。 Authorization インスタンスを返した最初の認証モジュールが要求を認証するために使用されます。
既定では、基本、ダイジェスト、ネゴシエート、NTLM、Kerberos の各認証の種類を提供するモジュールが AuthenticationManager で登録されています。 IAuthenticationModule インターフェイスを実装する認証モジュールは、 Register メソッドを使用して追加できます。認証モジュールは、一覧に追加した順序で呼び出されます。
メモ Kerberos 認証およびネゴシエート認証の種類は、Windows 95/98 および Windows NT 4.0 ではサポートされていません。
使用例
' The following example shows how to create a custom Basic authentication module,
' how to register it using the AuthenticationManager class and how to authorize
' users to access a Web site.
' Note: To run this program you must create a test Web site that performs
' Basic authentication. Also you must add to your server machine a user whose
' credentials are the same as the ones you use in this program.
' Attention: Basic authentication sends the user's credentials over HTTP.
' Passwords and user names are encoded using Base64 encoding. Although the
' user information is encoded, it is considered insecure becasue it could be deciphered
' relatively easily.
' If you must use Basic authentication you are strongly advised to use strong
' security mechanisms, such as SSL, when transferring sensitive information.
Imports System
Imports System.Net
Imports System.IO
Imports System.Text
Imports System.Collections
Imports Microsoft.VisualBasic
Namespace Mssc.Services.Authentication
Module TestingAuthentication
' The ClientAuthentication class performs the following main tasks:
' 1) Obtains the user's credentials.
' 2) Unregisters the standard Basic authentication.
' 3) Registers the custom Basic authentication.
' 4) Reads the selected page and displays it on the console.
Class TestAuthentication
Private Shared username, password, ___domain, uri As String
'This method invoked when the user does not enter the required input parameters.
Private Shared Sub showusage()
Console.WriteLine("Attempts to authenticate to a URL")
Console.WriteLine(ControlChars.Cr + ControlChars.Lf + "Use one of the following:")
Console.WriteLine(ControlChars.Tab + "customBasicAuthentication URL username password ___domain")
Console.WriteLine(ControlChars.Tab + "customBasicAuthentication URL username password")
End Sub 'showusage
' Display registered authentication modules.
Private Shared Sub displayRegisteredModules()
' The AuthenticationManager calls all authentication modules sequentially
' until one of them responds with an authorization instance. Show
' the current registered modules.
Dim registeredModules As IEnumerator = AuthenticationManager.RegisteredModules
Console.WriteLine(ControlChars.Cr + ControlChars.Lf + "The following authentication modules are now registered with the system:")
While registeredModules.MoveNext()
Console.WriteLine(ControlChars.Cr + " " + ControlChars.Lf + " Module : {0}", registeredModules.Current)
Dim currentAuthenticationModule As IAuthenticationModule = CType(registeredModules.Current, IAuthenticationModule)
Console.WriteLine(ControlChars.Tab + " CanPreAuthenticate : {0}", currentAuthenticationModule.CanPreAuthenticate)
End While
End Sub 'displayRegisteredModules
' The getPage method accesses the selected page and displays its content
' on the console.
Private Shared Sub getPage(ByVal url As [String])
Try
' Create the Web request object.
Dim req As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
' Define the request access method.
req.Method = "GET"
' Define the request credentials according to the user's input.
If ___domain = [String].Empty Then
req.Credentials = New NetworkCredential(username, password)
' If the user does not specify the Internet resource ___domain, this usually
' is by default the name of the sever hosting the resource.
Else
req.Credentials = New NetworkCredential(username, password, ___domain)
End If
' Issue the request.
Dim result As HttpWebResponse = CType(req.GetResponse(), HttpWebResponse)
Console.WriteLine(ControlChars.Lf + "Authentication Succeeded:")
' Store the response.
Dim sData As Stream = result.GetResponseStream()
' Display the response.
displayPageContent(sData)
Catch e As WebException
' Display any errors. In particular, display any protocol-related error.
If e.Status = WebExceptionStatus.ProtocolError Then
Dim hresp As HttpWebResponse = CType(e.Response, HttpWebResponse)
Console.WriteLine((ControlChars.Lf + "Authentication Failed, " + hresp.StatusCode))
Console.WriteLine(("Status Code: " + Fix(hresp.StatusCode)))
Console.WriteLine(("Status Description: " + hresp.StatusDescription))
Return
End If
Console.WriteLine(("Caught Exception: " + e.Message))
Console.WriteLine(("Stack: " + e.StackTrace))
End Try
End Sub 'getPage
' The displayPageContent method display the content of the
' selected page.
Private Shared Sub displayPageContent(ByVal ReceiveStream As Stream)
' Create an ASCII encoding object.
Dim ASCII As Encoding = Encoding.ASCII
' Define the byte array to temporarily hold the current read bytes.
Dim read(511) As [Byte]
Console.WriteLine(ControlChars.Cr + ControlChars.Lf + "Page Content..." + ControlChars.Cr + ControlChars.Lf)
' Read the page content and display it on the console.
' Read the first 512 bytes.
Dim bytes As Integer = ReceiveStream.Read(read, 0, 512)
While bytes > 0
Console.Write(ASCII.GetString(read, 0, bytes))
bytes = ReceiveStream.Read(read, 0, 512)
End While
Console.WriteLine("")
End Sub 'displayPageContent
'Entry point which delegates to C-style main Private Function
'Public Overloads Sub Main(ByVal args() As String)
' Main(System.Environment.GetCommandLineArgs())
'End Sub
' This is the program entry point. It allows the user to enter
' her credentials and the Internet resource (Web page) to access.
' It also unregisters the standard and registers the customized Basic
' authentication.
Public Shared Sub Main(ByVal args() As String)
If args.Length < 3 Then
showusage()
Else
' Read the user's credentials.
uri = args(0)
username = args(1)
password = args(2)
If args.Length = 3 Then
___domain = String.Empty
' If the ___domain exists, store it. Usually the ___domain name
' is by default the name of the server hosting the Internet
' resource.
Else
___domain = args(3)
End If
' Instantiate the custom Basic authentication module.
Dim customBasicModule As New CustomBasic()
' Unregister the standard Basic authentication module.
AuthenticationManager.Unregister("Basic")
' Register the custom Basic authentication module.
AuthenticationManager.Register(customBasicModule)
' Display registered authorization modules.
displayRegisteredModules()
' Read the specified page and display it on the console.
getPage(uri)
End If
Return
End Sub 'Main
' The CustomBasic class creates a custom Basic authentication by implementing the
' IAuthenticationModule interface. It performs the following
' tasks:
' 1) Defines and initializes the required properties.
' 2) Implements the Authenticate and PreAuthenticate methods.
Public Class CustomBasic
Implements IAuthenticationModule
Private m_authenticationType As String
Private m_canPreAuthenticate As Boolean
' The CustomBasic constructor initializes the properties of the customized
' authentication.
Public Sub New()
m_authenticationType = "Basic"
m_canPreAuthenticate = False
End Sub 'New
' Define the authentication type. This type is then used to identify this
' custom authentication module. The default is set to Basic.
Public ReadOnly Property AuthenticationType() As String _
Implements IAuthenticationModule.AuthenticationType
Get
Return m_authenticationType
End Get
End Property
' Define the pre-authentication capabilities for the module. The default is set
' to false.
Public ReadOnly Property CanPreAuthenticate() As Boolean _
Implements IAuthenticationModule.CanPreAuthenticate
Get
Return m_canPreAuthenticate
End Get
End Property
' The checkChallenge method checks whether the challenge sent by the HttpWebRequest
' contains the correct type (Basic) and the correct ___domain name.
' Note: The challenge is in the form BASIC REALM="DOMAINNAME";
' the Internet Web site must reside on a server whose
' ___domain name is equal to DOMAINNAME.
Public Function checkChallenge(ByVal Challenge As String, ByVal ___domain As String) As Boolean
Dim challengePasses As Boolean = False
Dim tempChallenge As [String] = Challenge.ToUpper()
' Verify that this is a Basic authorization request and that the requested ___domain
' is correct.
' Note: When the ___domain is an empty string, the following code only checks
' whether the authorization type is Basic.
If tempChallenge.IndexOf("BASIC") <> -1 Then
If ___domain <> [String].Empty Then
If tempChallenge.IndexOf(___domain.ToUpper()) <> -1 Then
challengePasses = True
' The ___domain is not allowed and the authorization type is Basic.
Else
challengePasses = False
End If
' The ___domain is a blank string and the authorization type is Basic.
Else
challengePasses = True
End If
End If
Return challengePasses
End Function 'checkChallenge
' The PreAuthenticate method specifies whether the authentication implemented
' by this class allows pre-authentication.
' Even if you do not use it, this method must be implemented to obey to the rules
' of interface implementation.
' In this case it always returns null.
Public Function PreAuthenticate(ByVal request As WebRequest, ByVal credentials As ICredentials) As Authorization _
Implements IAuthenticationModule.PreAuthenticate
Return Nothing
End Function 'PreAuthenticate
' Authenticate is the core method for this custom authentication.
' When an Internet resource requests authentication, the WebRequest.GetResponse
' method calls the AuthenticationManager.Authenticate method. This method, in
' turn, calls the Authenticate method on each of the registered authentication
' modules, in the order in which they were registered. When the authentication is
' complete an Authorization object is returned to the WebRequest.
Public Function Authenticate(ByVal challenge As String, ByVal request As WebRequest, ByVal credentials As ICredentials) As Authorization _
Implements IAuthenticationModule.Authenticate
Dim ASCII As Encoding = Encoding.ASCII
' Get the username and password from the credentials
Dim MyCreds As NetworkCredential = credentials.GetCredential(request.RequestUri, "Basic")
If PreAuthenticate(request, credentials) Is Nothing Then
Console.WriteLine(ControlChars.Lf + " Pre-authentication is not allowed.")
Else
Console.WriteLine(ControlChars.Lf + " Pre-authentication is allowed.")
End If
' Verify that the challenge satisfies the authorization requirements.
Dim challengeOk As Boolean = checkChallenge(challenge, MyCreds.Domain)
If Not challengeOk Then
Return Nothing
End If
' Create the encrypted string according to the Basic authentication format as
' follows:
' a)Concatenate the username and password separated by colon;
' b)Apply ASCII encoding to obtain a stream of bytes;
' c)Apply Base64 encoding to this array of bytes to obtain the encoded
' authorization.
Dim BasicEncrypt As String = MyCreds.UserName + ":" + MyCreds.Password
Dim BasicToken As String = "Basic " + Convert.ToBase64String(ASCII.GetBytes(BasicEncrypt))
' Create an Authorization object using the encoded authorization above.
Dim resourceAuthorization As New Authorization(BasicToken)
' Get the Message property, which contains the authorization string that the
' client returns to the server when accessing protected resources.
Console.WriteLine(ControlChars.Lf + " Authorization Message:{0}", resourceAuthorization.Message)
' Get the Complete property, which is set to true when the authentication process
' between the client and the server is finished.
Console.WriteLine(ControlChars.Lf + " Authorization Complete:{0}", resourceAuthorization.Complete)
Console.WriteLine(ControlChars.Lf + " Authorization ConnectionGroupId:{0}", resourceAuthorization.ConnectionGroupId)
Return resourceAuthorization
End Function 'Authenticate
End Class 'CustomBasic
End Module
End Namespace
[C#]
// The following example shows how to create a custom Basic authentication module,
// how to register it using the AuthenticationManager class and how to authorize
// users to access a Web site.
// Note: To run this program you must create a test Web site that performs
// Basic authentication. Also you must add to your server machine a user whose
// credentials are the same as the ones you use in this program.
// Attention: Basic authentication sends the user's credentials over HTTP.
// Passwords and user names are encoded using Base64 encoding. Although the
// user information is encoded, it is considered insecure becasue it could be deciphered
// relatively easily.
// If you must use Basic authentication you are strongly advised to use strong
// security mechanisms, such as SSL, when transferring sensitive information.
using System;
using System.Net;
using System.IO;
using System.Text;
using System.Collections;
namespace Mssc.Services.Authentication
{
// The ClientAuthentication class performs the following main tasks:
// 1) Obtains the user's credentials.
// 2) Unregisters the standard Basic authentication.
// 3) Registers the custom Basic authentication.
// 4) Reads the selected page and displays it on the console.
class TestAuthentication
{
private static string username, password, ___domain, uri;
// This method invoked when the user does not enter the required input parameters.
private static void showusage()
{
Console.WriteLine("Attempts to authenticate to a URL");
Console.WriteLine("\r\nUse one of the following:");
Console.WriteLine("\tcustomBasicAuthentication URL username password ___domain");
Console.WriteLine("\tcustomBasicAuthentication URL username password");
}
// Display registered authentication modules.
private static void displayRegisteredModules()
{
// The AuthenticationManager calls all authentication modules sequentially
// until one of them responds with an authorization instance. Show
// the current registered modules.
IEnumerator registeredModules = AuthenticationManager.RegisteredModules;
Console.WriteLine("\r\nThe following authentication modules are now registered with the system:");
while(registeredModules.MoveNext())
{
Console.WriteLine("\r \n Module : {0}",registeredModules.Current);
IAuthenticationModule currentAuthenticationModule = (IAuthenticationModule)registeredModules.Current;
Console.WriteLine("\t CanPreAuthenticate : {0}",currentAuthenticationModule.CanPreAuthenticate);
}
}
// The getPage method accesses the selected page and displays its content
// on the console.
private static void getPage(String url)
{
try
{
// Create the Web request object.
HttpWebRequest req = (HttpWebRequest) WebRequest.Create(url);
// Define the request access method.
req.Method = "GET";
// Define the request credentials according to the user's input.
if (___domain == String.Empty)
req.Credentials = new NetworkCredential(username, password);
else
// If the user does not specify the Internet resource ___domain, this usually
// is by default the name of the sever hosting the resource.
req.Credentials = new NetworkCredential(username, password, ___domain);
// Issue the request.
HttpWebResponse result = (HttpWebResponse) req.GetResponse();
Console.WriteLine("\nAuthentication Succeeded:");
// Store the response.
Stream sData = result.GetResponseStream();
// Display the response.
displayPageContent(sData);
}
catch (WebException e)
{
// Display any errors. In particular, display any protocol-related error.
if (e.Status == WebExceptionStatus.ProtocolError)
{
HttpWebResponse hresp = (HttpWebResponse) e.Response;
Console.WriteLine("\nAuthentication Failed, " + hresp.StatusCode);
Console.WriteLine("Status Code: " + (int) hresp.StatusCode);
Console.WriteLine("Status Description: " + hresp.StatusDescription);
return;
}
Console.WriteLine("Caught Exception: " + e.Message);
Console.WriteLine("Stack: " + e.StackTrace);
}
}
// The displayPageContent method display the content of the
// selected page.
private static void displayPageContent(Stream ReceiveStream)
{
// Create an ASCII encoding object.
Encoding ASCII = Encoding.ASCII;
// Define the byte array to temporarily hold the current read bytes.
Byte[] read = new Byte[512];
Console.WriteLine("\r\nPage Content...\r\n");
// Read the page content and display it on the console.
// Read the first 512 bytes.
int bytes = ReceiveStream.Read(read, 0, 512);
while (bytes > 0)
{
Console.Write(ASCII.GetString(read, 0, bytes));
bytes = ReceiveStream.Read(read, 0, 512);
}
Console.WriteLine("");
}
// This is the program entry point. It allows the user to enter
// her credentials and the Internet resource (Web page) to access.
// It also unregisters the standard and registers the customized Basic
// authentication.
public static void Main(string[] args)
{
if (args.Length < 3)
showusage();
else
{
// Read the user's credentials.
uri = args[0];
username = args[1];
password = args[2];
if (args.Length == 3)
___domain = string.Empty;
else
// If the ___domain exists, store it. Usually the ___domain name
// is by default the name of the server hosting the Internet
// resource.
___domain = args[3];
// Instantiate the custom Basic authentication module.
CustomBasic customBasicModule = new CustomBasic();
// Unregister the standard Basic authentication module.
AuthenticationManager.Unregister("Basic");
// Register the custom Basic authentication module.
AuthenticationManager.Register(customBasicModule);
// Display registered authorization modules.
displayRegisteredModules();
// Read the specified page and display it on the console.
getPage(uri);
}
return;
}
}
// The CustomBasic class creates a custom Basic authentication by implementing the
// IAuthenticationModule interface. It performs the following
// tasks:
// 1) Defines and initializes the required properties.
// 2) Implements the Authenticate method.
public class CustomBasic : IAuthenticationModule
{
private string m_authenticationType ;
private bool m_canPreAuthenticate ;
// The CustomBasic constructor initializes the properties of the customized
// authentication.
public CustomBasic()
{
m_authenticationType = "Basic";
m_canPreAuthenticate = false;
}
// Define the authentication type. This type is then used to identify this
// custom authentication module. The default is set to Basic.
public string AuthenticationType
{
get
{
return m_authenticationType;
}
}
// Define the pre-authentication capabilities for the module. The default is set
// to false.
public bool CanPreAuthenticate
{
get
{
return m_canPreAuthenticate;
}
}
// The checkChallenge method checks whether the challenge sent by the HttpWebRequest
// contains the correct type (Basic) and the correct ___domain name.
// Note: The challenge is in the form BASIC REALM="DOMAINNAME";
// the Internet Web site must reside on a server whose
// ___domain name is equal to DOMAINNAME.
public bool checkChallenge(string Challenge, string ___domain)
{
bool challengePasses = false;
String tempChallenge = Challenge.ToUpper();
// Verify that this is a Basic authorization request and that the requested ___domain
// is correct.
// Note: When the ___domain is an empty string, the following code only checks
// whether the authorization type is Basic.
if (tempChallenge.IndexOf("BASIC") != -1)
if (___domain != String.Empty)
if (tempChallenge.IndexOf(___domain.ToUpper()) != -1)
challengePasses = true;
else
// The ___domain is not allowed and the authorization type is Basic.
challengePasses = false;
else
// The ___domain is a blank string and the authorization type is Basic.
challengePasses = true;
return challengePasses;
}
// The PreAuthenticate method specifies whether the authentication implemented
// by this class allows pre-authentication.
// Even if you do not use it, this method must be implemented to obey to the rules
// of interface implementation.
// In this case it always returns null.
public Authorization PreAuthenticate(WebRequest request, ICredentials credentials)
{
return null;
}
// Authenticate is the core method for this custom authentication.
// When an Internet resource requests authentication, the WebRequest.GetResponse
// method calls the AuthenticationManager.Authenticate method. This method, in
// turn, calls the Authenticate method on each of the registered authentication
// modules, in the order in which they were registered. When the authentication is
// complete an Authorization object is returned to the WebRequest.
public Authorization Authenticate(String challenge, WebRequest request, ICredentials credentials)
{
Encoding ASCII = Encoding.ASCII;
// Get the username and password from the credentials
NetworkCredential MyCreds = credentials.GetCredential(request.RequestUri, "Basic");
if (PreAuthenticate(request, credentials) == null)
Console.WriteLine("\n Pre-authentication is not allowed.");
else
Console.WriteLine("\n Pre-authentication is allowed.");
// Verify that the challenge satisfies the authorization requirements.
bool challengeOk = checkChallenge(challenge, MyCreds.Domain);
if (!challengeOk)
return null;
// Create the encrypted string according to the Basic authentication format as
// follows:
// a)Concatenate the username and password separated by colon;
// b)Apply ASCII encoding to obtain a stream of bytes;
// c)Apply Base64 encoding to this array of bytes to obtain the encoded
// authorization.
string BasicEncrypt = MyCreds.UserName + ":" + MyCreds.Password;
string BasicToken = "Basic " + Convert.ToBase64String(ASCII.GetBytes(BasicEncrypt));
// Create an Authorization object using the encoded authorization above.
Authorization resourceAuthorization = new Authorization(BasicToken);
// Get the Message property, which contains the authorization string that the
// client returns to the server when accessing protected resources.
Console.WriteLine("\n Authorization Message:{0}",resourceAuthorization.Message);
// Get the Complete property, which is set to true when the authentication process
// between the client and the server is finished.
Console.WriteLine("\n Authorization Complete:{0}",resourceAuthorization.Complete);
Console.WriteLine("\n Authorization ConnectionGroupId:{0}",resourceAuthorization.ConnectionGroupId);
return resourceAuthorization;
}
}
}
[C++]
// This program shows how to create a custom Basic authentication module,
// how to register it via the AuthenticationManager class and how to authorize
// users to access a Web site.
// Note: In order to run this program you must create a test Web site that performs
// Basic authentication. Also you must add to your server machine a user whose
// credentials are the same you use in this program.
// Attention: Basic authenticastion sends the user's credentials over HTTP.
// Passwords and user names are encoded using Base64 encoding. Although the
// user information is encoded, it is considered insecure due to the fact that it
// could be deciphered relatively easily.
// If you must use basic authentication you are strongly adviced to use strong
// security mechanisms, such as SSL, when transfering sensitive information on
// the wire.
#using <mscorlib.dll>
#using <System.dll>
using namespace System;
using namespace System::Net;
using namespace System::IO;
using namespace System::Text;
using namespace System::Collections;
// The ClientAuthentication class performs the following main tasks:
// 1) It obtains the user's credentials.
// 2) Unregisters the standard Basic authentication.
// 3) Registers the customized Basic authentication.
// 4) Reads the selected page and displays it on the console.
__gc class TestAuthentication {
public:
static String *username, *password, *___domain, *uri;
// Show how to use this program.
static void showusage() {
Console::WriteLine(S"Attempts to authenticate to a URL");
Console::WriteLine(S"\r\nUse one of the following:");
Console::WriteLine(S"\tcustomBasicAuthentication URL username password ___domain");
Console::WriteLine(S"\tcustomBasicAuthentication URL username password");
Console::WriteLine(S"\r\nExample:");
Console::WriteLine(S"\tcustomBasicAuthentication http://ndpue/ncl/ basicuser basic.101 ndpue");
}
// Display registered authentication modules.
static void displayRegisteredModules() {
// The AuthenticationManager calls all authentication modules sequentially
// until one of them responds with an authorization instance. Show
// the current registered modules, for testing purposes.
IEnumerator* registeredModules = AuthenticationManager::RegisteredModules;
Console::WriteLine(S"\r\nThe following authentication modules are now registered with the system");
while(registeredModules->MoveNext()) {
Console::WriteLine(S"\r \n Module : {0}",
registeredModules->Current);
IAuthenticationModule* currentAuthenticationModule =
dynamic_cast<IAuthenticationModule*>(registeredModules->Current);
Console::WriteLine(S"\t CanPreAuthenticate : {0}",
__box(currentAuthenticationModule->CanPreAuthenticate));
}
}
// The getPage method accesses the selected page an displays its content
// on the console.
static void getPage(String* url) {
try {
// Create the Web request object.
HttpWebRequest* req = dynamic_cast<HttpWebRequest*> (WebRequest::Create(url));
// Define the request access method.
req->Method = S"GET";
// Define the request credentials according to the user's input.
if (String::Compare(___domain, String::Empty) == 0 )
req->Credentials = new NetworkCredential(username, password);
else
// If the user's specifies the Internet resource ___domain, this usually
// is by default the name of the sever hosting the resource.
req->Credentials = new NetworkCredential(username, password, ___domain);
// Issue the request.
// req->GetResponse();
HttpWebResponse* result = dynamic_cast<HttpWebResponse*> (req->GetResponse());
Console::WriteLine(S"\nAuthentication Succeeded:");
// Store the response.
Stream* sData = result->GetResponseStream();
// Display the response.
displayPageContent(sData);
} catch (WebException* e) {
// Display the error, if any. In particular display protocol
// related error.
if (e->Status == WebExceptionStatus::ProtocolError) {
HttpWebResponse* hresp = dynamic_cast<HttpWebResponse*> (e->Response);
Console::WriteLine(S"\nAuthentication Failed, {0}", __box(hresp->StatusCode));
Console::WriteLine(S"Status Code: {0}", __box((int) hresp->StatusCode));
Console::WriteLine(S"Status Description: {0}", hresp->StatusDescription);
return;
}
Console::WriteLine(S"Caught Exception: {0}", e->Message);
Console::WriteLine(S"Stack: {0}", e->StackTrace);
}
}
// The displayPageContent method display the content of the
// selected page.
static void displayPageContent(Stream* ReceiveStream) {
// Create an ASCII encoding object.
Encoding* ASCII = Encoding::ASCII;
// Define the Byte array to temporary hold the current read bytes.
Byte read[] = new Byte[512];
Console::WriteLine(S"\r\nPage Content...\r\n");
// Read the page content and display it on the console.
// Read the first 512 bytes.
int bytes = ReceiveStream->Read(read, 0, 512);
while (bytes > 0) {
Console::Write(ASCII->GetString(read, 0, bytes));
bytes = ReceiveStream->Read(read, 0, 512);
}
Console::WriteLine(S"");
}
};
// The CustomBasic class creates a custom Basic authentication by implementing the
// IAuthenticationModule interface. In particular it performs the following
// tasks:
// 1) Defines and initializes the required properties.
// 2) Impements the Authenticate method.
public __gc class CustomBasic : public IAuthenticationModule {
private:
String* m_authenticationType;
bool m_canPreAuthenticate;
// The CustomBasic constructor initializes the properties of the customized
// authentication.
public:
CustomBasic() {
m_authenticationType = S"Basic";
m_canPreAuthenticate = false;
}
// Define the authentication type. This type is then used to identify this
// custom authentication module. The default is set to Basic.
__property String* get_AuthenticationType() {
return m_authenticationType;
}
// Define the pre-authentication capabilities for the module. The default is set
// to false.
__property bool get_CanPreAuthenticate() {
return m_canPreAuthenticate;
}
// The checkChallenge method checks if the challenge sent by the HttpWebRequest
// contains the correct type (Basic) and the correct ___domain name.
// Note: the challenge is in the form BASIC REALM=S"DOMAINNAME"
// and you must assure that the Internet Web site resides on a server whose
// ___domain name is equal to DOMAINAME.
bool checkChallenge(String* Challenge, String* ___domain) {
bool challengePasses = false;
String* tempChallenge = Challenge->ToUpper();
// Verify that this is a Basic authorization request and the requested ___domain
// is correct.
// Note: When the ___domain is an empty string the following code only checks
// whether the authorization type is Basic.
if (tempChallenge->IndexOf(S"BASIC") != -1)
if (String::Compare(___domain,String::Empty)!=0 )
if (tempChallenge->IndexOf(___domain->ToUpper()) != -1)
challengePasses = true;
else
// The ___domain is not allowed and the authorization type is Basic.
challengePasses = false;
else
// The ___domain is a blank string and the authorization type is Basic.
challengePasses = true;
return challengePasses;
}
// The PreAuthenticate method specifies if the authentication implemented
// by this class allows pre-authentication.
// Even if you do not use it, this method must be implemented to obey to the rules
// of interface implemebtation.
// In this case it always returns null.
Authorization * PreAuthenticate(WebRequest* request, ICredentials* credentials) {
return 0;
}
// Authenticate is the core method for this custom authentication.
// When an internet resource requests authentication, the WebRequest::GetResponse
// method calls the AuthenticationManager::Authenticate method. This method, in
// turn, calls the Authenticate method on each of the registered authentication
// modules, in the order they were registered. When the authentication is
// complete an Authorization object is returned to the WebRequest, as
// shown by this routine's retun type.
Authorization * Authenticate(String* challenge, WebRequest* request, ICredentials* credentials) {
Encoding* ASCII = Encoding::ASCII;
// Get the username and password from the credentials
NetworkCredential * MyCreds = credentials->GetCredential(request->RequestUri, S"Basic");
if (PreAuthenticate(request, credentials) == 0)
Console::WriteLine(S"\n Pre-authentication is not allowed.");
else
Console::WriteLine(S"\n Pre-authentication is allowed.");
// Verify that the challenge satisfies the authorization requirements.
bool challengeOk = checkChallenge(challenge, MyCreds->Domain);
if (!challengeOk)
return 0;
// Create the encrypted string according to the Basic authentication format as
// follows:
// a)Concatenate username and password separated by colon;
// b)Apply ASCII encoding to obtain a stream of bytes;
// c)Apply Base64 Encoding to this array of bytes to obtain the encoded
// authorization.
String* BasicEncrypt = String::Concat(MyCreds->UserName, S":", MyCreds->Password);
String* BasicToken =
String::Concat(S"Basic ", Convert::ToBase64String(ASCII->GetBytes(BasicEncrypt)));
// Create an Authorization object using the above encoded authorization.
Authorization* resourceAuthorization = new Authorization(BasicToken);
// Get the Message property which contains the authorization string that the
// client returns to the server when accessing protected resources
Console::WriteLine(S"\n Authorization Message: {0}", resourceAuthorization->Message);
// Get the Complete property which is set to true when the authentication process
// between the client and the server is finished.
Console::WriteLine(S"\n Authorization Complete: {0}",
__box(resourceAuthorization->Complete));
Console::WriteLine(S"\n Authorization ConnectionGroupId: {0}",
resourceAuthorization->ConnectionGroupId);
return resourceAuthorization;
}
};
// This is the program entry point. It allows the user to enter
// her credentials and the Internet resource (Web page) to access.
// It also unregisters the standard and registers the customized basic
// authentication.
int main() {
String* args[] = Environment::GetCommandLineArgs();
if (args->Length < 4)
TestAuthentication::showusage();
else {
// Read the user's credentials.
TestAuthentication::uri = args[1];
TestAuthentication::username = args[2];
TestAuthentication::password = args[3];
if (args->Length == 4)
TestAuthentication::___domain = String::Empty;
else
// If the ___domain exists, store it. Usually the ___domain name
// is by default the name of the server hosting the Internet
// resource.
TestAuthentication::___domain = args[4];
// Instantiate the custom Basic authentication module.
CustomBasic* customBasicModule = new CustomBasic();
// Unregister the standard Basic authentication module.
AuthenticationManager::Unregister(S"Basic");
// Register the custom Basic authentication module.
AuthenticationManager::Register(customBasicModule);
// Display registered Authorization modules.
TestAuthentication::displayRegisteredModules();
// Read the specified page and display it on the console.
TestAuthentication::getPage(TestAuthentication::uri);
}
}
[JScript] JScript のサンプルはありません。Visual Basic、C#、および C++ のサンプルを表示するには、このページの左上隅にある言語のフィルタ ボタン .gif)
をクリックします。
必要条件
名前空間: System.Net
プラットフォーム: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 ファミリ, .NET Compact Framework - Windows CE .NET
アセンブリ: System (System.dll 内)