This documentation is archived and is not being maintained.

IAuthenticationModule Interface

Provides the base authentication interface for Web client authentication modules.

Namespace:  System.Net
Assembly:  System (in System.dll)

public interface IAuthenticationModule

The IAuthenticationModule interface defines the properties and methods that custom authentication modules must use.

Authentication modules conduct the entire authentication process with a server, responding to an authentication challenge as appropriate. This process may consist of requests to an authentication server separate from the resource server, as well as any other activities required to properly authenticate a request for a URI.

Custom authentication modules should implement the IAuthenticationModule interface and then register with the AuthenticationManager.Register method. Authentication modules are also registered at program initialization by reading the configuration file.

The following example creates creates a customized authentication class by implementing the IAuthenticationModule interface. For a complete example refer to the AuthenticationManager class.

No code example is currently available or this language may not be supported.
// The CustomBasic class creates a custom Basic authentication by implementing the
// IAuthenticationModule interface. In particular it performs the following
// tasks:
// 1) Defines and initializes the required properties.
// 2) Impements the Authenticate method.

public __gc class CustomBasic : public IAuthenticationModule {
   String* m_authenticationType;
   bool m_canPreAuthenticate;

   // The CustomBasic constructor initializes the properties of the customized
   // authentication.
   CustomBasic() {
      m_authenticationType = S"Basic";
      m_canPreAuthenticate = false;

   // Define the authentication type. This type is then used to identify this
   // custom authentication module. The default is set to Basic.
   __property String* get_AuthenticationType() {
      return m_authenticationType;

   // Define the pre-authentication capabilities for the module. The default is set
   // to false.
   __property bool get_CanPreAuthenticate() {
      return m_canPreAuthenticate;

   // The checkChallenge method checks if the challenge sent by the HttpWebRequest
   // contains the correct type (Basic) and the correct domain name.
   // Note: the challenge is in the form BASIC REALM=S"DOMAINNAME"
   // and you must assure that the Internet Web site resides on a server whose
   // domain name is equal to DOMAINAME.
   bool checkChallenge(String* Challenge, String* domain) {
      bool challengePasses = false;

      String*  tempChallenge = Challenge->ToUpper();
      // Verify that this is a Basic authorization request and the requested domain
      // is correct.
      // Note: When the domain is an empty string the following code only checks
      // whether the authorization type is Basic.
      if (tempChallenge->IndexOf(S"BASIC") != -1)
         if (String::Compare(domain,String::Empty)!=0 )
            if (tempChallenge->IndexOf(domain->ToUpper()) != -1)
               challengePasses = true;
               // The domain is not allowed and the authorization type is Basic.
               challengePasses = false;
            // The domain is a blank string and the authorization type is Basic.
            challengePasses = true;

      return challengePasses;

   // The PreAuthenticate method specifies if the authentication implemented
   // by this class allows pre-authentication.
   // Even if you do not use it, this method must be implemented to obey to the rules
   // of interface implemebtation.
   // In this case it always returns null.
   Authorization * PreAuthenticate(WebRequest* request, ICredentials* credentials) {
      return 0;

   // Authenticate is the core method for this custom authentication.
   // When an internet resource requests authentication, the WebRequest::GetResponse
   // method calls the AuthenticationManager::Authenticate method. This method, in
   // turn, calls the Authenticate method on each of the registered authentication
   // modules, in the order they were registered. When the authentication is
   // complete an Authorization object is returned to the WebRequest, as
   // shown by this routine's retun type.
   Authorization * Authenticate(String* challenge, WebRequest* request, ICredentials* credentials) {
      Encoding*  ASCII = Encoding::ASCII;

      // Get the username and password from the credentials
      NetworkCredential * MyCreds = credentials->GetCredential(request->RequestUri, S"Basic");

      if (PreAuthenticate(request, credentials) == 0)
         Console::WriteLine(S"\n Pre-authentication is not allowed.");
         Console::WriteLine(S"\n Pre-authentication is allowed.");

      // Verify that the challenge satisfies the authorization requirements.
      bool challengeOk = checkChallenge(challenge, MyCreds->Domain);

      if (!challengeOk)
         return 0;

      // Create the encrypted string according to the Basic authentication format as
      // follows:
      // a)Concatenate username and password separated by colon;
      // b)Apply ASCII encoding to obtain a stream of bytes;
      // c)Apply Base64 Encoding to this array of bytes to obtain the encoded
      // authorization.
      String* BasicEncrypt = String::Concat(MyCreds->UserName, S":", MyCreds->Password);

      String* BasicToken = 
         String::Concat(S"Basic ", Convert::ToBase64String(ASCII->GetBytes(BasicEncrypt)));

      // Create an Authorization object using the above encoded authorization.
      Authorization* resourceAuthorization = new Authorization(BasicToken);

      // Get the Message property which contains the authorization string that the
      // client returns to the server when accessing protected resources
      Console::WriteLine(S"\n Authorization Message: {0}", resourceAuthorization->Message);

      // Get the Complete property which is set to true when the authentication process
      // between the client and the server is finished.
      Console::WriteLine(S"\n Authorization Complete: {0}", 
      // </Snippet 5>

      Console::WriteLine(S"\n Authorization ConnectionGroupId: {0}", 
      return resourceAuthorization;

// This is the program entry point. It allows the user to enter
// her credentials and the Internet resource (Web page) to access.
// It also unregisters the standard and registers the customized basic
// authentication.
int main() {
   String* args[] = Environment::GetCommandLineArgs();

   if (args->Length < 4)
   else {
      // Read the user's credentials.
      TestAuthentication::uri = args[1];
      TestAuthentication::username = args[2];
      TestAuthentication::password = args[3];

      if (args->Length == 4)
         TestAuthentication::domain = String::Empty;
         // If the domain exists, store it. Usually the domain name
         // is by default the name of the server hosting the Internet
         // resource.
         TestAuthentication::domain = args[4];

      // Instantiate the custom Basic authentication module.
      CustomBasic* customBasicModule = new CustomBasic();

      // Unregister the standard Basic authentication module.

      // Register the custom Basic authentication module.

      // Display registered Authorization modules.

      // Read the specified page and display it on the console.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

.NET Compact Framework

Supported in: 3.5, 2.0, 1.0