This module, when loaded through the web.config file (<authentication mode="Windows">), provides Windows/IIS authentication. In this model, IIS authenticates the user identity for the current web request using any supported method (including Basic, Digest, or Integrated Windows), and then passes that account to the ASP.NET application, which it uses to access the resources it needs. The WindowsAuthenticationModule uses a System.Security.Principal.WindowsIdentity object to hold user information received from IIS and constructs a System.Security.Principal.WindowsPrincipal object to provide information about group memberships. The System.Security.Principal.WindowsPrincipal object is attached to the application context and provided through the System.Web.HttpContext.User property. This module also provides a single event, Authenticate, which you can access through the WindowsAuthentication_OnAuthenticate event handler in the global.asax file.
This type of authentication scheme is particularly useful in corporate intranet scenarios, where IIS can be set to Integrated Windows authentication and all users can access the application under their network accounts.
public sealed class WindowsAuthenticationModule : System.Web.IHttpModule { // Public Constructors public WindowsAuthenticationModule( ); // Public Instance Methods public void Dispose( ); // implements System.Web.IHttpModule public void Init(System.Web.HttpApplication app); // implements System.Web.IHttpModule// Events public event WindowsAuthenticationEventHandler Authenticate; }
