XmlAuthenticationProvider - Enterprise Library Security Extension
This is the first in a series of samples I'll publish demonstrating how to extend the new Enterprise Application Block, as part of my demo preparation for next Wednesday's (16.02.2005) lecture at Microsoft's Israel C# User Group.
Today I will focus on extending the new Security Application Block.
Out of the box, the new Enterprise Library Security Application Block can authenticate using the Database Authentication Provider, but what if you want to play with the Enterprise Library Security Application Block and don't have a database server available?
Well, this article is for you :-)
We will create an XmlAuthenticationProvider that lets us authenticate against an XML file holding the usernames and passwords.
First, let's create the credential store. The credential store is a simple XML file that holds each username and its password. Normally, in a production system, I would encrypt this information using DPAPI so that only the process or a specific user would be able to decrypt the data, but for simplicity we'll use plain text.
CredentialStore.Xml – holds the users credentials
<CredentialStore>
    <Account username="ohad" password="1111"/>
    <Account username="oren" password="2222"/>
    <Account username="guy" password="3333"/>
</CredentialStore>
Next we will build the provider. The provider is just a DLL implementing the IAuthenticationProvider interface, with an added property that lets us change the default credential store.
XmlAuthenticationProvider.cs – the authentication provider
using System;
using System.Security.Principal;
using System.Xml;
using Microsoft.Practices.EnterpriseLibrary.Security;
using Microsoft.Practices.EnterpriseLibrary.Configuration;

namespace EnterpriseLibraryExtensions
{
    // We're implementing the IAuthenticationProvider interface
    public class XmlAuthenticationProvider : IAuthenticationProvider
    {
        public XmlAuthenticationProvider() {}

        string configurationName;
        public string ConfigurationName
        {
            get { return configurationName; }
            set { configurationName = value; }
        }

        // Path of the XML file holding the accounts
        string credentialStore;
        public string CredentialStore
        {
            get { return credentialStore; }
            set { credentialStore = value; }
        }

        public void Initialize(ConfigurationView configurationView)
        {
            configurationName = "Custom Authentication Provider";
            // Default store; matches the CredentialStore.xml file shown above
            credentialStore = "CredentialStore.xml";
        }

        public bool Authenticate(object credentials, out IIdentity identity)
        {
            identity = null;
            bool authenticated = false;

            // It's not good practice to hold the password in a string,
            // but I did it here for demonstration reasons.
            // In a production system I would use DPAPI to
            // protect the password.
            string username = ((NamePasswordCredential)credentials).Name;
            string password = ((NamePasswordCredential)credentials).Password;

            XmlTextReader reader = null;
            try
            {
                // Read the XML document
                reader = new XmlTextReader(CredentialStore);
                while (reader.Read())
                {
                    if ((reader.LocalName == "Account") &&
                        (reader.GetAttribute("username") == username))
                    {
                        // If we have a password match we create a new identity,
                        // set authenticated to true and stop looking
                        if (password == reader.GetAttribute("password"))
                        {
                            identity = new GenericIdentity(username);
                            authenticated = true;
                            break;
                        }
                    }
                }
            }
            finally
            {
                // Always release the file handle, even if reading failed
                if (null != reader)
                    reader.Close();
            }
            return authenticated;
        }
    }
}
Start the Enterprise Library Configuration Console, configure the Security Application Block to use a custom authentication provider, and don't forget to point the TypeName to the compiled DLL.
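An added example, not part of the original sample or of Enterprise Library: one way to keep the credential store DPAPI-protected on disk, as the article says a production system would, decrypting it only in memory when checking a login. It assumes .NET 2.0 or later on Windows with a reference to System.Security.dll; the class name ProtectedCredentialStore, the file name CredentialStore.bin and the entropy value are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Xml;

// Hypothetical helper; not part of Enterprise Library or the original sample.
public static class ProtectedCredentialStore
{
    // Optional entropy: a caller must supply the same bytes to decrypt (constructed value).
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("XmlAuthenticationProvider-demo");

    // Encrypt the store XML with DPAPI under the current Windows user and write the blob.
    public static void Save(string storeXml, string protectedPath)
    {
        byte[] plain = Encoding.UTF8.GetBytes(storeXml);
        byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(plain, 0, plain.Length); // wipe the cleartext copy of the store
        File.WriteAllBytes(protectedPath, blob);
    }

    // Decrypt in memory (cleartext never touches disk) and check one username/password pair.
    public static bool Verify(string protectedPath, string username, string password)
    {
        byte[] plain;
        try
        {
            plain = ProtectedData.Unprotect(File.ReadAllBytes(protectedPath), Entropy,
                                            DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException)
        {
            return false; // different user, wrong entropy or modified blob: fail closed
        }
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null; // do not resolve DTDs or external entities
        doc.Load(new MemoryStream(plain));
        // Compare attribute values in code rather than building an XPath from user input.
        foreach (XmlElement account in doc.SelectNodes("/CredentialStore/Account"))
            if (account.GetAttribute("username") == username)
                return account.GetAttribute("password") == password;
        return false;
    }

    public static void Main()
    {
        // Constructed sample store with one account from the article's XML.
        string path = Path.Combine(Path.GetTempPath(), "CredentialStore.bin");
        Save("<CredentialStore><Account username=\"ohad\" password=\"1111\"/></CredentialStore>", path);
        Console.WriteLine(Verify(path, "ohad", "1111"));
        Console.WriteLine(Verify(path, "ohad", "0000"));
    }
}
```

With DataProtectionScope.CurrentUser the blob can only be decrypted under the Windows account that created it, so the store has to be written by the same account the provider's process runs as.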