Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Basic authentication without browser login window

Reply
Thread Tools

Basic authentication without browser login window

 
 
Diego Embon \(personal mail\)
Guest
Posts: n/a
 
      10-05-2004
Hello,

I have a problem with basic windows authentication in IIS6. As a developer
I'm requested to implement windows authentication on my web application
(asp.net), but to avoid the browser login window. I have all the users in
Active Directory and this is not an intranet system. I've tried a few
techniques to achieve my goal:

1. ISAPI filter is the most flexible option, but I'm looking for something
simpler.
2. Impersonation fails in maintaining the credentials between different
requests. I can impersonate to the user using the token return by the logon
function, but when redirecting to the next page, the user credentials are
not kept.
3. I tried using http://usernameassowrd@server/site/page.ext. This works
fine (secured only when implementing SSL) but Microsoft is dropping this
method, and IE6 does not support it in its new versions (support can be
activated by a key in the registry but I have no access to the clients
stations).

After I logon to AD using the user credentials entered in my custom asp.net
login form, I have the user's token. The only missing part is how to pass
this token to the browser token cache.

Does anyone have any suggestion?

Thanks!

Diego.


 
Reply With Quote
 
 
 
 
Paul Clement
Guest
Posts: n/a
 
      10-06-2004
On Tue, 5 Oct 2004 23:42:42 +0200, "Diego Embon \(personal mail\)" <(E-Mail Removed)> wrote:

Hello,

I have a problem with basic windows authentication in IIS6. As a developer
I'm requested to implement windows authentication on my web application
(asp.net), but to avoid the browser login window. I have all the users in
Active Directory and this is not an intranet system. I've tried a few
techniques to achieve my goal:

1. ISAPI filter is the most flexible option, but I'm looking for something
simpler.
2. Impersonation fails in maintaining the credentials between different
requests. I can impersonate to the user using the token return by the logon
function, but when redirecting to the next page, the user credentials are
not kept.
3. I tried using http://usernameassowrd@server/site/page.ext. This works
fine (secured only when implementing SSL) but Microsoft is dropping this
method, and IE6 does not support it in its new versions (support can be
activated by a key in the registry but I have no access to the clients
stations).

After I logon to AD using the user credentials entered in my custom asp.net
login form, I have the user's token. The only missing part is how to pass
this token to the browser token cache.

Does anyone have any suggestion?


Have you looked at Forms Authentication using Active Directory?

http://msdn.microsoft.com/library/de...SecNetHT02.asp


Paul ~~~ http://www.velocityreviews.com/forums/(E-Mail Removed)
Microsoft MVP (Visual Basic)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
asp:login w/ ASP.NET 2.0 -- still can't get basic login page to work Sasquatch ASP .Net 2 10-04-2006 04:04 PM
Basic Authentication/Custom Login page mike ASP .Net Security 17 09-16-2005 04:34 PM
Opening a new browser window to a specific size without the menu bar and address window. UJ ASP .Net 2 06-27-2005 08:21 PM
Login page with Basic authentication (newbie) Steven K0 ASP .Net Security 1 04-10-2005 02:45 AM
Forms Authentication displays basic authentication dialogue window Brett Porter ASP .Net 5 02-03-2004 07:06 PM



Advertisments