Forms authentication with Windows authentication

 
 
Dadi
      09-10-2003
Hi,

I have an ASP.NET web site that uses IIS Basic Authentication and accesses
an OLAP Server at various stages. The OLAP Server authentication mechanism
relies on Windows accounts and therefore when a new user needs access to the
system we must create a new Windows user account for him.

This is a 3-year old application and at the time it was decided to let the
OLAP Server handle the filtering of information returned to the client based
on his supplied Windows user account (I wasn't there at the time). Now I'm
trying to figure out how we can allow users from other sites to enter ours
without explicitly logging in. That is, I need to make it possible for our
clients to come from a web site A, where they have been authenticated, and
enter ours by sending us the user's credentials for authentication,
effectively making the dialog box redundant.

This puts the burden on our site to have an API of sorts (most likely just
another .aspx page) that can receive a username and password and use that to
authenticate the incoming user. What I need here is to take the credentials,
authenticate them somehow (most likely with the LogonUser API) and then do
something with the result so that after this, all calls from the user will
have the resulting Windows user credentials associated with it.

Does this call for impersonation or do I need to replace the Principal for
the entire context for this user somehow?

Any suggestions or comments truly appreciated.

Regards,
Dadi.


 
Joe Camp
      09-12-2003
Any response about this? I have a similar situation and was wondering how to
best resolve it.

Thanks,
Joe

"Dadi" wrote in message:
> Hi,
>
> I have an ASP.NET web site that uses IIS Basic Authentication and accesses
> an OLAP Server at various stages. The OLAP Server authentication mechanism
> relies on Windows accounts and therefore when a new user needs access to the
> system we must create a new Windows user account for him.
>
> This is a 3-year old application and at the time it was decided to let the
> OLAP Server handle the filtering of information returned to the client based
> on his supplied Windows user account (I wasn't there at the time). Now I'm
> trying to figure out how we can allow users from other sites to enter ours
> without explicitly logging in. That is, I need to make it possible for our
> clients to come from a web site A, where they have been authenticated, and
> enter ours by sending us the user's credentials for authentication,
> effectively making the dialog box redundant.
>
> This puts the burden on our site to have an API of sorts (most likely just
> another .aspx page) that can receive a username and password and use that to
> authenticate the incoming user. What I need here is to take the credentials,
> authenticate them somehow (most likely with the LogonUser API) and then do
> something with the result so that after this, all calls from the user will
> have the resulting Windows user credentials associated with it.
>
> Does this call for impersonation or do I need to replace the Principal for
> the entire context for this user somehow?
>
> Any suggestions or comments truly appreciated.
>
> Regards,
> Dadi.



 
Scott Scott
      09-16-2003
Have you thought about protecting the content by originating IP address
(from the partner)?

Then you can assign them a cookie, or perhaps log them in via basic
authentication with a random username and password.

Or you can always protect the rest of your content by referrer.

You can contact me offline if you want further clarification.

