原文地址: http://msdn.microsoft.com/en-us/magazine/dn201748.aspx
Custom HttpModule code:
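using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;

namespace Test.MVC
{
    /// <summary>
    /// ASP.NET HTTP module that authenticates requests with the HTTP Basic scheme
    /// and adds a <c>WWW-Authenticate</c> challenge to 401 responses.
    /// </summary>
    /// <remarks>
    /// Basic credentials are only base64-encoded, not encrypted, so this module
    /// should be served over HTTPS only. The Authorization header is untrusted
    /// input: any malformed value leaves the request anonymous instead of
    /// throwing out of the pipeline.
    /// </remarks>
    public class CustomAuthModel : IHttpModule, IDisposable
    {
        // NOTE(review): these are the hard-coded sample credentials from the
        // original listing. They are kept so the sample behaves as before, but a
        // real deployment should verify against a credential store that holds
        // salted password hashes, never literals in source.
        private const string SampleUserName = "Name";
        private const string SamplePassword = "pw";

        /// <summary>
        /// Subscribes the module to the authentication and end-of-request events.
        /// </summary>
        /// <param name="context">The application whose pipeline events are hooked.</param>
        public void Init(HttpApplication context)
        {
            context.AuthenticateRequest += AuthenticateRequests;
            context.EndRequest += TriggerCredentials;
        }

        /// <summary>
        /// Adds the Basic challenge header when the response status is 401, so the
        /// client knows which scheme and realm to send credentials for.
        /// </summary>
        private void TriggerCredentials(object sender, EventArgs e)
        {
            HttpResponse resp = HttpContext.Current.Response;
            if (resp.StatusCode == 401)
            {
                // The realm is sent as a double-quoted string, the quoted-string
                // form the HTTP authentication grammar expects; the original
                // single quotes would have become part of the realm value.
                resp.Headers.Add("WWW-Authenticate", "Basic realm=\"PHVIS\"");
            }
        }

        /// <summary>
        /// Reads the Authorization header and, when it carries valid Basic
        /// credentials, sets the current principal with the Admin and Manager roles.
        /// </summary>
        private void AuthenticateRequests(object sender, EventArgs e)
        {
            string authHeader = HttpContext.Current.Request.Headers["Authorization"];

            string userName;
            string password;
            if (!TryReadBasicCredentials(authHeader, out userName, out password))
            {
                return;
            }

            // Evaluate both comparisons unconditionally (non-short-circuit &) so the
            // time taken does not depend on which of the two fields was wrong.
            bool userOk = FixedTimeEquals(userName, SampleUserName);
            bool passwordOk = FixedTimeEquals(password, SamplePassword);
            if (!(userOk & passwordOk))
            {
                return;
            }

            GenericIdentity identity = new GenericIdentity(userName);
            string[] roles = new string[] { "Admin", "Manager" };
            GenericPrincipal principal = new GenericPrincipal(identity, roles);

            Thread.CurrentPrincipal = principal;
            HttpContext.Current.User = principal;
        }

        /// <summary>
        /// Parses a raw Authorization header value into a user name and password.
        /// </summary>
        /// <param name="authHeader">The raw header value; may be null or malformed.</param>
        /// <param name="userName">The text before the first ':' on success, otherwise null.</param>
        /// <param name="password">The text after the first ':' on success, otherwise null.</param>
        /// <returns>
        /// <c>true</c> only when the header uses the Basic scheme and its parameter
        /// is valid base64 that contains a ':' separator.
        /// </returns>
        private static bool TryReadBasicCredentials(string authHeader, out string userName, out string password)
        {
            userName = null;
            password = null;

            // TryParse instead of Parse: a malformed header must not throw.
            AuthenticationHeaderValue headerValue;
            if (!AuthenticationHeaderValue.TryParse(authHeader, out headerValue))
            {
                return false;
            }

            // Only the Basic scheme is handled here; other schemes (Bearer, ...)
            // must not have their parameter decoded as user:password.
            if (!string.Equals(headerValue.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                || headerValue.Parameter == null)
            {
                return false;
            }

            byte[] decoded;
            try
            {
                decoded = Convert.FromBase64String(headerValue.Parameter);
            }
            catch (FormatException)
            {
                // Not valid base64: treat the request as unauthenticated.
                return false;
            }

            string pair = Encoding.GetEncoding("iso-8859-1").GetString(decoded);

            // Split on the FIRST ':' only. The password may itself contain ':',
            // and splitting on every ':' would compare only its first segment, so
            // "pw:anything" would have been accepted as "pw".
            int separator = pair.IndexOf(':');
            if (separator < 0)
            {
                return false;
            }

            userName = pair.Substring(0, separator);
            password = pair.Substring(separator + 1);
            return true;
        }

        /// <summary>
        /// Ordinal string equality that inspects every byte of the shorter input
        /// instead of returning at the first mismatch.
        /// </summary>
        private static bool FixedTimeEquals(string left, string right)
        {
            byte[] a = Encoding.UTF8.GetBytes(left);
            byte[] b = Encoding.UTF8.GetBytes(right);

            int diff = a.Length ^ b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }

            return diff == 0;
        }

        /// <summary>
        /// Nothing to release: the module holds no resources of its own.
        /// </summary>
        public void Dispose()
        {
        }
    }
}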