«

Hello,

I'm not extremely experienced in asp.net web app dev but I've done a
handfull of small projects... both forms based (internet) and windows based
auth (intranet scenario). I realize both the asp.net app and IIS are
involved in the configuration....

so, that said, can the following be done?

IIS and SQLExpress installed on server 2k8 domain controller. A web app
there currently uses forms based auth. Can this app be changed to use
integrated windows auth, BUT auth against a completey different AD forest?

to be clear:
- web app on DC in forest A
- wondering if it can be made so users from forest B can log in via
integrated windows auth.

IWA auth on a web server will authenticate against any domain that is
trusted, but if the foreign forest has no trust path at all, it won't work.

The only way you could do this would be with LDAP-based forms auth with
something like the AD membership provider.

The better way to do this would be to just run the code on a server joined
to the proper domain.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"James" <> wrote in message
news:...
> Hello,
>
> I'm not extremely experienced in asp.net web app dev but I've done a
> handfull of small projects... both forms based (internet) and windows
> based auth (intranet scenario). I realize both the asp.net app and IIS are
> involved in the configuration....
>
> so, that said, can the following be done?
>
> IIS and SQLExpress installed on server 2k8 domain controller. A web app
> there currently uses forms based auth. Can this app be changed to use
> integrated windows auth, BUT auth against a completey different AD forest?
>
> to be clear:
> - web app on DC in forest A
> - wondering if it can be made so users from forest B can log in via
> integrated windows auth.
>
>

thank you, I appreciate the info.

"Joe Kaplan" <> wrote in message
news:...
> IWA auth on a web server will authenticate against any domain that is
> trusted, but if the foreign forest has no trust path at all, it won't
> work.
>
> The only way you could do this would be with LDAP-based forms auth with
> something like the AD membership provider.
>
> The better way to do this would be to just run the code on a server joined
> to the proper domain.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
> Programming"
> http://www.directoryprogramming.net
> "James" <> wrote in message
> news:...
>> Hello,
>>
>> I'm not extremely experienced in asp.net web app dev but I've done a
>> handfull of small projects... both forms based (internet) and windows
>> based auth (intranet scenario). I realize both the asp.net app and IIS
>> are involved in the configuration....
>>
>> so, that said, can the following be done?
>>
>> IIS and SQLExpress installed on server 2k8 domain controller. A web app
>> there currently uses forms based auth. Can this app be changed to use
>> integrated windows auth, BUT auth against a completey different AD
>> forest?
>>
>> to be clear:
>> - web app on DC in forest A
>> - wondering if it can be made so users from forest B can log in via
>> integrated windows auth.
>>
>>
>