Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > single web app for both external users and domain users

Reply
Thread Tools

single web app for both external users and domain users

 
 
bitshift
Guest
Posts: n/a
 
      06-22-2007
Ive been asked to allow internal (domain authenticated) users to get in to
my asp.net web application, while everyone else should use the login form.
One way ive seen others doing this, is to configure the application in IIS
to use windows authentication, uncheck anonymous, so as to have the browser
pass in the User.Identity value.

Then, when when a visotor hits the site, I can check if we have a domain
user with the User.Identity, and automatically log them in using a common
login name that is setup in the database. If the user.Identity is empty,
then force them to login as usual.

Sound reasonable ?


 
Reply With Quote
 
 
 
 
bruce barker
Guest
Posts: n/a
 
      06-22-2007
its much tricker than this. if you turn off anonymous, no one can access
the site with a successful domain login.

for the browser to send credentials, the server must send a 401 (access
denied). the browser then send some credentials. the server will return
another 401 if invalid, so the user can try again.

if you turn on anonymous, then iis never sends a 401 and the browser
will never send the user credentials.

the easiest solution is if the users ipaddress is internal, send a 401,
if not redirect to forms login.

-- bruce (sqlwork.com)




bitshift wrote:
> Ive been asked to allow internal (domain authenticated) users to get in to
> my asp.net web application, while everyone else should use the login form.
> One way ive seen others doing this, is to configure the application in IIS
> to use windows authentication, uncheck anonymous, so as to have the browser
> pass in the User.Identity value.
>
> Then, when when a visotor hits the site, I can check if we have a domain
> user with the User.Identity, and automatically log them in using a common
> login name that is setup in the database. If the user.Identity is empty,
> then force them to login as usual.
>
> Sound reasonable ?
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to config the web.config for both Internal and External users using Windows and Forms Authentication? ABC ASP .Net 1 10-24-2005 01:37 PM



Advertisments