Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Forms Authentication Ticket Functionality With Windows Authentication (http://www.velocityreviews.com/forums/t767849-forms-authentication-ticket-functionality-with-windows-authentication.html)

jfer 09-16-2005 04:32 PM

Forms Authentication Ticket Functionality With Windows Authentication
 
I am creating a web application for a company intranet and I am using
Windows Authentication for a somewhat "transparent" login process.
What I would like to do is allow all users into the application that
exist in our LDAP under a particular user (their is a heirarchy
associated with the LDAP tree). I was able to do this with Forms
Authentication as I included the code to do this in the Page_Load event
of the page associated with the <forms> tag in the web.config. My
question is where would I include this functionality when using
Integrated Windows Authentication? And any idea what would be the best
way to sort of keep track of the user like the forms authentication
ticket does. Thanks in advance.


Dominick Baier [DevelopMentor] 09-16-2005 05:18 PM

Re: Forms Authentication Ticket Functionality With Windows Authentication
 
Hello jfer,


is this 1.1?

You could handle the Authenticate_Request and check via LDAP. If the user
is in a particular OU let him through, otherwise reject.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I am creating a web application for a company intranet and I am using
> Windows Authentication for a somewhat "transparent" login process.
> What I would like to do is allow all users into the application that
> exist in our LDAP under a particular user (their is a heirarchy
> associated with the LDAP tree). I was able to do this with Forms
> Authentication as I included the code to do this in the Page_Load
> event
> of the page associated with the <forms> tag in the web.config. My
> question is where would I include this functionality when using
> Integrated Windows Authentication? And any idea what would be the
> best
> way to sort of keep track of the user like the forms authentication
> ticket does. Thanks in advance.




jfer 09-16-2005 05:59 PM

Re: Forms Authentication Ticket Functionality With Windows Authentication
 
Sorry just to clarify it is in ASP.NET 2.0. I am famaliar with
querying the LDAP but what is confusing me is where to include it.
Does Authenticate_Request run on every user interaction with the web
application or only the first time they enter a web application (sort
of like Session Start). And what would be the best way to make sure
they are put through this "gateway" if they try to jump to a page
somewhere in the middle of the web application later on (lets say via a
bookmark) and to manage this (Cookies? Session?) I liked how Forms
Authentication let you hook to a sort of start page. Again insight is
appreciated.

Thanks


Dominick Baier [DevelopMentor] 09-16-2005 06:30 PM

Re: Forms Authentication Ticket Functionality With Windows Authentication
 
Hello jfer,

Authenticate_Request runs on every request - there is no way to bypass.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Sorry just to clarify it is in ASP.NET 2.0. I am famaliar with
> querying the LDAP but what is confusing me is where to include it.
> Does Authenticate_Request run on every user interaction with the web
> application or only the first time they enter a web application (sort
> of like Session Start). And what would be the best way to make sure
> they are put through this "gateway" if they try to jump to a page
> somewhere in the middle of the web application later on (lets say via
> a
> bookmark) and to manage this (Cookies? Session?) I liked how Forms
> Authentication let you hook to a sort of start page. Again insight is
> appreciated.
> Thanks
>





All times are GMT. The time now is 09:27 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.