Best way to perform authentication on every request

Posted by Nik on Stack Overflow See other posts from Stack Overflow or by Nik
Published on 2010-05-31T12:23:52Z Indexed on 2010/05/31 12:33 UTC
Read the original article Hit count: 249

Filed under:
|
|

Hello.

In my asp.net mvc 2 app, I'm wondering about the best way to implement this:

  • For every incoming request I need to perform custom authorization before allowing the file to be served. (This is based on headers and contents of the querystring. If you're familiar with how Amazon S3 does rest authentication - exactly that).

I'd like to do this in the most perfomant way possible, which probably means as light a touch as possible, with IIS doing as much of the actual work as possible.

The service will need to handle GET requests, as well as writing new files coming in via POST/PUT requests.

The requests are for an abitrary file, so it could be:

GET http://storage.foo.com/bla/egg/foo18/something.bin

POST http://storage.foo.com/else.txt

Right now I've half implemented it using an IHttpHandler which handles all routes (with routes.RouteExistingFiles = true), but not sure if that's the best, or if I should be hooking into the lifecycle somewhere else?

Many thanks for any pointers.

(IIS7)

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about asp.net-mvc