Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Controls > Enabling Windows Authentication from inside Forms Authentication (ASP.NET 2.0)

Reply
Thread Tools

Enabling Windows Authentication from inside Forms Authentication (ASP.NET 2.0)

 
 
Michael D. Ober
Guest
Posts: n/a
 
      10-25-2006
I need the ability to bypass the forms authentication login page when the
user requesting the protected page is running on our corporate network and
is also logged into the corporate domain. How do I do this?

Thanks,
Mike Ober.


 
Reply With Quote
 
 
 
 
Dominick Baier
Guest
Posts: n/a
 
      10-25-2006
Thats not easily doable.

the easiest way is to provider two application entry points - one for non-domain
users, and a separate app for domain users that converts the windows account
details to a forms auth cookie.

another option is to modify the pipeline and inject some modules that "bypass"
forms auth - this needs some kind of indicator if windows auth should be
used or not - like an IP address range for domain users.

i described both approaches and trade offs in detail here - but feel free
to ask more questions:

http://www.microsoft.com/mspress/books/9989.asp

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

> I need the ability to bypass the forms authentication login page when
> the user requesting the protected page is running on our corporate
> network and is also logged into the corporate domain. How do I do
> this?
>
> Thanks,
> Mike Ober



 
Reply With Quote
 
 
 
 
Jeff Dillon
Guest
Posts: n/a
 
      10-25-2006

http://msdn.microsoft.com/library/de...edsecurity.asp

"Michael D. Ober" <obermd.@.alum.mit.edu.nospam> wrote in message
news:%23X4JEeH%(E-Mail Removed)...
>I need the ability to bypass the forms authentication login page when the
>user requesting the protected page is running on our corporate network and
>is also logged into the corporate domain. How do I do this?
>
> Thanks,
> Mike Ober.
>
>



 
Reply With Quote
 
Michael D. Ober
Guest
Posts: n/a
 
      10-26-2006
Jeff,

Thanks for the link.

Mike Ober.

"Jeff Dillon" <(E-Mail Removed)> wrote in message
news:OS9qpWI%(E-Mail Removed)...
>
> http://msdn.microsoft.com/library/de...edsecurity.asp
>
> "Michael D. Ober" <obermd.@.alum.mit.edu.nospam> wrote in message
> news:%23X4JEeH%(E-Mail Removed)...
>>I need the ability to bypass the forms authentication login page when the
>>user requesting the protected page is running on our corporate network and
>>is also logged into the corporate domain. How do I do this?
>>
>> Thanks,
>> Mike Ober.
>>
>>

>
>



 
Reply With Quote
 
Phil H
Guest
Posts: n/a
 
      10-29-2006
Dear Mike

You don't say whether external users have an internal network account
but if you opt for Windows authentication in web.config and set
Directory Security in IIS to "Integrated Windows" and disable
"Anonymous access" then external visitors will be prompted for a
username and password. The credentials they supply will be verified by
a domain controller in the same manner as in internal corporate network
login.

Hope that's helpful

Phil Hall

 
Reply With Quote
 
Michael D. Ober
Guest
Posts: n/a
 
      10-30-2006
That won't work. My external users must use Forms Authentication because
they don't have domain accounts (nor am I going to shell out $$$ to M$ for
web-enabled CALs for them.) I did solve the problem by mimicking the login
control, however.

Mike.

"Phil H" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Dear Mike
>
> You don't say whether external users have an internal network account
> but if you opt for Windows authentication in web.config and set
> Directory Security in IIS to "Integrated Windows" and disable
> "Anonymous access" then external visitors will be prompted for a
> username and password. The credentials they supply will be verified by
> a domain controller in the same manner as in internal corporate network
> login.
>
> Hope that's helpful
>
> Phil Hall
>



 
Reply With Quote
 
Michael D. Ober
Guest
Posts: n/a
 
      10-30-2006
Phil,

Sorry about being curt - it's Monday from Hell here.

Mike.

"Michael D. Ober" <obermd.@.alum.mit.edu.nospam> wrote in message
news:uEM183C$(E-Mail Removed)...
> That won't work. My external users must use Forms Authentication because
> they don't have domain accounts (nor am I going to shell out $$$ to M$ for
> web-enabled CALs for them.) I did solve the problem by mimicking the
> login control, however.
>
> Mike.
>
> "Phil H" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>> Dear Mike
>>
>> You don't say whether external users have an internal network account
>> but if you opt for Windows authentication in web.config and set
>> Directory Security in IIS to "Integrated Windows" and disable
>> "Anonymous access" then external visitors will be prompted for a
>> username and password. The credentials they supply will be verified by
>> a domain controller in the same manner as in internal corporate network
>> login.
>>
>> Hope that's helpful
>>
>> Phil Hall
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Enabling Windows Authentication from inside Forms Authentication (ASP.NET 2.0) Michael D. Ober ASP .Net Security 6 10-30-2006 03:17 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Enabling Forms Authentication Stops Button Click Events Waqas Pitafi ASP .Net Security 3 08-22-2005 06:20 PM
Enabling Forms Authentication Stops Button Click Events =?Utf-8?B?V2FxYXMgUGl0YWZp?= ASP .Net 0 08-21-2005 06:05 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments