Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > windows pass through authentication\authorization....

Reply
Thread Tools

windows pass through authentication\authorization....

 
 
Ollie
Guest
Posts: n/a
 
      12-07-2004
I have a requirement for a company intranet where they want to use a single
sign-on with their windows 2003 domain (AD) so I was thinking of using
windows authentication in the asp.net application so that I can control
functionality by the roles the usr is a member of.

The question I want to know is can I force the popup windows for username,
password, domain to appear by 'logging' off the user from the website. I
read some where if I return a "403" in the reponse header it will show the
dialog and the user will have to enter the information to proceed. I tried
the following but i only get the 403 error page. So how do I force the popup
window to appear?

tried this but only get error page:

Session.Abandon();
Response.Clear();
Response.StatusCode = 403;
Response.End();


Cheers in Advance

Ollie Riches


 
Reply With Quote
 
 
 
 
Patrick.O.Ige
Guest
Posts: n/a
 
      12-07-2004
Hi Ollie,
To force Windows POPUP ..Go to IIS under Directory Security turn off
"Anonymous Access and click integrate Windows Auth..
DO that to allow Windows Auth to validate against AD..
For more Questions POST it...
Enjoy
PAtrick



"Ollie" wrote:

> I have a requirement for a company intranet where they want to use a single
> sign-on with their windows 2003 domain (AD) so I was thinking of using
> windows authentication in the asp.net application so that I can control
> functionality by the roles the usr is a member of.
>
> The question I want to know is can I force the popup windows for username,
> password, domain to appear by 'logging' off the user from the website. I
> read some where if I return a "403" in the reponse header it will show the
> dialog and the user will have to enter the information to proceed. I tried
> the following but i only get the 403 error page. So how do I force the popup
> window to appear?
>
> tried this but only get error page:
>
> Session.Abandon();
> Response.Clear();
> Response.StatusCode = 403;
> Response.End();
>
>
> Cheers in Advance
>
> Ollie Riches
>
>
>

 
Reply With Quote
 
 
 
 
Ollie
Guest
Posts: n/a
 
      12-08-2004
did you actually read the question?


"Patrick.O.Ige" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Ollie,
> To force Windows POPUP ..Go to IIS under Directory Security turn

off
> "Anonymous Access and click integrate Windows Auth..
> DO that to allow Windows Auth to validate against AD..
> For more Questions POST it...
> Enjoy
> PAtrick
>
>
>
> "Ollie" wrote:
>
> > I have a requirement for a company intranet where they want to use a

single
> > sign-on with their windows 2003 domain (AD) so I was thinking of using
> > windows authentication in the asp.net application so that I can control
> > functionality by the roles the usr is a member of.
> >
> > The question I want to know is can I force the popup windows for

username,
> > password, domain to appear by 'logging' off the user from the website. I
> > read some where if I return a "403" in the reponse header it will show

the
> > dialog and the user will have to enter the information to proceed. I

tried
> > the following but i only get the 403 error page. So how do I force the

popup
> > window to appear?
> >
> > tried this but only get error page:
> >
> > Session.Abandon();
> > Response.Clear();
> > Response.StatusCode = 403;
> > Response.End();
> >
> >
> > Cheers in Advance
> >
> > Ollie Riches
> >
> >
> >



 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      12-08-2004
I haven't actually tried this, but I thought I'd throw an idea at you.

What if you try sending a 401 instead and add the proper WWW-Authenticate
header to the response? The header value would depend on what kind of
authentication you are using, but that might work.

If it does, let me know as I'm curious.

Thanks,

Joe K.

"Ollie" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I have a requirement for a company intranet where they want to use a single
> sign-on with their windows 2003 domain (AD) so I was thinking of using
> windows authentication in the asp.net application so that I can control
> functionality by the roles the usr is a member of.
>
> The question I want to know is can I force the popup windows for username,
> password, domain to appear by 'logging' off the user from the website. I
> read some where if I return a "403" in the reponse header it will show the
> dialog and the user will have to enter the information to proceed. I tried
> the following but i only get the 403 error page. So how do I force the
> popup
> window to appear?
>
> tried this but only get error page:
>
> Session.Abandon();
> Response.Clear();
> Response.StatusCode = 403;
> Response.End();
>
>
> Cheers in Advance
>
> Ollie Riches
>
>



 
Reply With Quote
 
Ollie
Guest
Posts: n/a
 
      12-08-2004
Joe

Thanks for the reply, I tried changing it to "401" and it forced the popup
login window to appear and you can enter new credentials, but it does not
clear out the credentials from the browser cache so you are still
authenticated as the previous user if you hit 'Cancel', I didn't try it with
the 'proper' WWW-Authenticate header cos i don't know what that should be -
do you know at all ?

nice to see you venture out of the AD newsgroups

Cheers

Ollie Riches

"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:e2RbF$(E-Mail Removed)...
>I haven't actually tried this, but I thought I'd throw an idea at you.
>
> What if you try sending a 401 instead and add the proper WWW-Authenticate
> header to the response? The header value would depend on what kind of
> authentication you are using, but that might work.
>
> If it does, let me know as I'm curious.
>
> Thanks,
>
> Joe K.
>
> "Ollie" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I have a requirement for a company intranet where they want to use a
>>single
>> sign-on with their windows 2003 domain (AD) so I was thinking of using
>> windows authentication in the asp.net application so that I can control
>> functionality by the roles the usr is a member of.
>>
>> The question I want to know is can I force the popup windows for
>> username,
>> password, domain to appear by 'logging' off the user from the website. I
>> read some where if I return a "403" in the reponse header it will show
>> the
>> dialog and the user will have to enter the information to proceed. I
>> tried
>> the following but i only get the 403 error page. So how do I force the
>> popup
>> window to appear?
>>
>> tried this but only get error page:
>>
>> Session.Abandon();
>> Response.Clear();
>> Response.StatusCode = 403;
>> Response.End();
>>
>>
>> Cheers in Advance
>>
>> Ollie Riches
>>
>>

>
>



 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      12-08-2004
The best thing to do is sniff the traffic and look at the headers that are
sent back. You can also use an http proxy debugger like Fiddler for this.

Generally, if you use Basic auth, it will be something like Basic
realm=xxxx, and IWA is Negotiate, but I can't remember the exact syntax of
either, so you should be sure.

Half of my life is actually building big ASP.NET applications and doing
security integration work, so as a result, I follow this group too.

It may not be the case that you can actually clear out the cache on the
client without running some client code though. The reprompt may be the
best you can do.

Let us know if you find more details.

Joe K.

"Ollie" <why do they need this!!!!> wrote in message
news:%(E-Mail Removed)...
> Joe
>
> Thanks for the reply, I tried changing it to "401" and it forced the popup
> login window to appear and you can enter new credentials, but it does not
> clear out the credentials from the browser cache so you are still
> authenticated as the previous user if you hit 'Cancel', I didn't try it
> with the 'proper' WWW-Authenticate header cos i don't know what that
> should be - do you know at all ?
>
> nice to see you venture out of the AD newsgroups
>
> Cheers
>
> Ollie Riches
>
> "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
> in message news:e2RbF$(E-Mail Removed)...
>>I haven't actually tried this, but I thought I'd throw an idea at you.
>>
>> What if you try sending a 401 instead and add the proper WWW-Authenticate
>> header to the response? The header value would depend on what kind of
>> authentication you are using, but that might work.
>>
>> If it does, let me know as I'm curious.
>>
>> Thanks,
>>
>> Joe K.
>>
>> "Ollie" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>I have a requirement for a company intranet where they want to use a
>>>single
>>> sign-on with their windows 2003 domain (AD) so I was thinking of using
>>> windows authentication in the asp.net application so that I can control
>>> functionality by the roles the usr is a member of.
>>>
>>> The question I want to know is can I force the popup windows for
>>> username,
>>> password, domain to appear by 'logging' off the user from the website. I
>>> read some where if I return a "403" in the reponse header it will show
>>> the
>>> dialog and the user will have to enter the information to proceed. I
>>> tried
>>> the following but i only get the 403 error page. So how do I force the
>>> popup
>>> window to appear?
>>>
>>> tried this but only get error page:
>>>
>>> Session.Abandon();
>>> Response.Clear();
>>> Response.StatusCode = 403;
>>> Response.End();
>>>
>>>
>>> Cheers in Advance
>>>
>>> Ollie Riches
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
Ollie
Guest
Posts: n/a
 
      12-09-2004
thsnks Joe will have a look later today , I had considered clearing out the
client cache and I am aware you can do it with an AcitveX control and you
can also do it with IE6 SP1 (my preferred solution out of the two) and
javascript I believe.

http://support.microsoft.com/kb/q195192/#kb1

http://blogs.msdn.com/kclemson/archi.../17/53911.aspx

Cheers

Ollie Riches

"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:%(E-Mail Removed)...
> The best thing to do is sniff the traffic and look at the headers that are
> sent back. You can also use an http proxy debugger like Fiddler for this.
>
> Generally, if you use Basic auth, it will be something like Basic
> realm=xxxx, and IWA is Negotiate, but I can't remember the exact syntax of
> either, so you should be sure.
>
> Half of my life is actually building big ASP.NET applications and doing
> security integration work, so as a result, I follow this group too.
>
> It may not be the case that you can actually clear out the cache on the
> client without running some client code though. The reprompt may be the
> best you can do.
>
> Let us know if you find more details.
>
> Joe K.
>
> "Ollie" <why do they need this!!!!> wrote in message
> news:%(E-Mail Removed)...
> > Joe
> >
> > Thanks for the reply, I tried changing it to "401" and it forced the

popup
> > login window to appear and you can enter new credentials, but it does

not
> > clear out the credentials from the browser cache so you are still
> > authenticated as the previous user if you hit 'Cancel', I didn't try it
> > with the 'proper' WWW-Authenticate header cos i don't know what that
> > should be - do you know at all ?
> >
> > nice to see you venture out of the AD newsgroups
> >
> > Cheers
> >
> > Ollie Riches
> >
> > "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)>

wrote
> > in message news:e2RbF$(E-Mail Removed)...
> >>I haven't actually tried this, but I thought I'd throw an idea at you.
> >>
> >> What if you try sending a 401 instead and add the proper

WWW-Authenticate
> >> header to the response? The header value would depend on what kind of
> >> authentication you are using, but that might work.
> >>
> >> If it does, let me know as I'm curious.
> >>
> >> Thanks,
> >>
> >> Joe K.
> >>
> >> "Ollie" <(E-Mail Removed)> wrote in message
> >> news:(E-Mail Removed)...
> >>>I have a requirement for a company intranet where they want to use a
> >>>single
> >>> sign-on with their windows 2003 domain (AD) so I was thinking of using
> >>> windows authentication in the asp.net application so that I can

control
> >>> functionality by the roles the usr is a member of.
> >>>
> >>> The question I want to know is can I force the popup windows for
> >>> username,
> >>> password, domain to appear by 'logging' off the user from the website.

I
> >>> read some where if I return a "403" in the reponse header it will show
> >>> the
> >>> dialog and the user will have to enter the information to proceed. I
> >>> tried
> >>> the following but i only get the 403 error page. So how do I force the
> >>> popup
> >>> window to appear?
> >>>
> >>> tried this but only get error page:
> >>>
> >>> Session.Abandon();
> >>> Response.Clear();
> >>> Response.StatusCode = 403;
> >>> Response.End();
> >>>
> >>>
> >>> Cheers in Advance
> >>>
> >>> Ollie Riches
> >>>
> >>>
> >>
> >>

> >
> >

>
>



 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      12-09-2004
Ah, that's a spiffy new feature. I'm going to hang on to that link.

Thanks for digging that up.

Cheers,

Joe K.

"Ollie" <(E-Mail Removed)> wrote in message
news:uzeyq$(E-Mail Removed)...
> thsnks Joe will have a look later today , I had considered clearing out
> the
> client cache and I am aware you can do it with an AcitveX control and you
> can also do it with IE6 SP1 (my preferred solution out of the two) and
> javascript I believe.
>
> http://support.microsoft.com/kb/q195192/#kb1
>
> http://blogs.msdn.com/kclemson/archi.../17/53911.aspx
>
> Cheers
>
> Ollie Riches
>
> "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
> in message news:%(E-Mail Removed)...
>> The best thing to do is sniff the traffic and look at the headers that
>> are
>> sent back. You can also use an http proxy debugger like Fiddler for
>> this.
>>
>> Generally, if you use Basic auth, it will be something like Basic
>> realm=xxxx, and IWA is Negotiate, but I can't remember the exact syntax
>> of
>> either, so you should be sure.
>>
>> Half of my life is actually building big ASP.NET applications and doing
>> security integration work, so as a result, I follow this group too.
>>
>> It may not be the case that you can actually clear out the cache on the
>> client without running some client code though. The reprompt may be the
>> best you can do.
>>
>> Let us know if you find more details.
>>
>> Joe K.
>>
>> "Ollie" <why do they need this!!!!> wrote in message
>> news:%(E-Mail Removed)...
>> > Joe
>> >
>> > Thanks for the reply, I tried changing it to "401" and it forced the

> popup
>> > login window to appear and you can enter new credentials, but it does

> not
>> > clear out the credentials from the browser cache so you are still
>> > authenticated as the previous user if you hit 'Cancel', I didn't try it
>> > with the 'proper' WWW-Authenticate header cos i don't know what that
>> > should be - do you know at all ?
>> >
>> > nice to see you venture out of the AD newsgroups
>> >
>> > Cheers
>> >
>> > Ollie Riches
>> >
>> > "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)>

> wrote
>> > in message news:e2RbF$(E-Mail Removed)...
>> >>I haven't actually tried this, but I thought I'd throw an idea at you.
>> >>
>> >> What if you try sending a 401 instead and add the proper

> WWW-Authenticate
>> >> header to the response? The header value would depend on what kind of
>> >> authentication you are using, but that might work.
>> >>
>> >> If it does, let me know as I'm curious.
>> >>
>> >> Thanks,
>> >>
>> >> Joe K.
>> >>
>> >> "Ollie" <(E-Mail Removed)> wrote in message
>> >> news:(E-Mail Removed)...
>> >>>I have a requirement for a company intranet where they want to use a
>> >>>single
>> >>> sign-on with their windows 2003 domain (AD) so I was thinking of
>> >>> using
>> >>> windows authentication in the asp.net application so that I can

> control
>> >>> functionality by the roles the usr is a member of.
>> >>>
>> >>> The question I want to know is can I force the popup windows for
>> >>> username,
>> >>> password, domain to appear by 'logging' off the user from the
>> >>> website.

> I
>> >>> read some where if I return a "403" in the reponse header it will
>> >>> show
>> >>> the
>> >>> dialog and the user will have to enter the information to proceed. I
>> >>> tried
>> >>> the following but i only get the 403 error page. So how do I force
>> >>> the
>> >>> popup
>> >>> window to appear?
>> >>>
>> >>> tried this but only get error page:
>> >>>
>> >>> Session.Abandon();
>> >>> Response.Clear();
>> >>> Response.StatusCode = 403;
>> >>> Response.End();
>> >>>
>> >>>
>> >>> Cheers in Advance
>> >>>
>> >>> Ollie Riches
>> >>>
>> >>>
>> >>
>> >>
>> >
>> >

>>
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Pass through Windows Identity to Web Service Noremac ASP .Net Web Services 2 11-21-2007 10:05 AM
difference between pass by address and pass by reference!! blufox C Programming 2 04-03-2006 02:53 PM
Pass by reference / pass by value Jerry Java 20 09-09-2005 06:08 PM
Pass-by-reference instead of pass-by-pointer = a bad idea? Mr A C++ 111 07-14-2005 03:04 AM
windows pass through authentication\authorization.... Ollie ASP .Net 8 12-09-2004 06:42 PM



Advertisments