[Mono-devel-list] XSP Security?

Jurandy Martins Soares Junior jurandy at lsd.ic.unicamp.br
Tue Dec 14 09:52:59 EST 2004 

> Yo;
> Me again... with my newbiew questions... hey! That means they're easy to
> answer, doesn't it?
>
> I installed XSP and got it puttering, and have started developing a
> database access app with ASP .NET & C#.  Anyway, I need to make a secure
> loging thing-a-ma-boper.  From what google tells me in IIS you just make
> a Web.conf file with authentication settings, and IIS takes the
> authentication reigns from there (But IIS isn't all that secure anyway,
> now is it?).  How do I do something like this in XSP? Anybody have a
> link to a howto?  Google didn't help me much on this one.
>           Thanx,
>               ES

If you are wondering about using Unix authentication, the codes below should 
be useful.

Jurandy Martins

------ LOGIN.ASPX-----------------------------------------------------
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System" %>

<script language="C#" runat=server>
/****************************************************/
bool isPasswordCorrect(string username, string password)
{
 Process newProcess = new Process ();
 newProcess.StartInfo.FileName = "/usr/bin/login-args.py";
 newProcess.StartInfo.Arguments = username + " " +  password;
 newProcess.StartInfo.UseShellExecute = false;
 newProcess.StartInfo.CreateNoWindow = true;
 newProcess.StartInfo.RedirectStandardOutput = true;
 newProcess.Start ();

 StreamReader outputStream = newProcess.StandardOutput;
 string output = outputStream.ReadToEnd ();
 newProcess.WaitForExit ();
 outputStream.Close ();

 if ( output.Equals("true\n") ) {
   return true;
 } else {
   return false;
 }
}
</script>
<html>
[...]
</html>

------LOGIN-ARGS.PY-----------------------------------------------------------------------
#!/usr/bin/python

import crypt, getpass, pwd
import sys

def login(username, password):
    cryptedpasswd = pwd.getpwnam(username)[1]
    if cryptedpasswd:
        if cryptedpasswd == 'x' or cryptedpasswd == '*':
            raise "false"
        if crypt.crypt(password, cryptedpasswd[:2]) == cryptedpasswd:
            print "true"
        else:
            print "false"

login(sys.argv[1], sys.argv[2])

More information about the Mono-devel-list mailing list