webforms - Windows Authentication Initialization ASP.net

Question

In a ASP.net WebForms project, we currently use Forms Authentication, but the client wishes to use Windows Authentication instead. So I've changed the web.config to use Windows authentication. However, the application needs some user input and put in into a session before any webpage can be accessed. We currently do this in the postback of the loginpage.

Since Windows authentication does not have a 'Login' page, how can this be achieved? Should I check on every page it's On_Init event if the session has been set correctly..?

Answer 1

If you need a specific data in session available in every single page, the easiest approach would be to have a dedicated module that checks the condition in one of early pipeline events where the session is available (the acquire request state event sounds most suitable).

public class CustomConditionCheckModule : IHttpModule
{
    public void Init( HttpApplication context )
    {
        context.AcquireRequestState += new EventHandler( acq_req_state );
    }        

    public void acq_req_state( object sender, EventArgs e )
    {
        // check your condition there - the data is in session
        var session = HttpContext.Current.Session;
        if ( ... the condition ... )
           Response.Redirect( "~/anonymous.page.aspx" ); 
    }
}

Then you also need a page that can be accessed anonymously (you need a section in the web.config for this):

<location path="anonymous.page.aspx">
  <system.web>
    <authorization>
      <allow users="*" />  
    </authorization>
  </system.web>
</location>