I have some IHttpHandler
implementations where they may optionally have authentication applied to them.
I originally rolled my own Basic authentication but would now like to use IIS's capabilities so that the deploying user can control what type of authentication they use and the handlers just look up whether the current user is allowed to perform the actions they request.
Determining whether a user can perform an action and returning a 401/403 is easy enough but what I can't figure out is how to get IIS to add in the relevant HTTP Headers to the response that request the client to send back credentials. I can add them manually but then I can only realistically implement Basic authentication (which is what I did originally) and this takes me back to square one.
Is there some magic method I can call that tells the HttpContext
to append the relevant headers to the response?
And more generally is what I am trying to do even possible without resorting to implementing a IHttpModule
to interfere in the authentication events of the ASP.Net page lifecycle?