Using Windows Authentication and Form-Based

I realize there may be several approaches to accomplishing this, but if anyone has some advice on the best and simplest method, I would appreciate it...

Would like to have an intranet page that captures a user's domain username automatically when they are on a domain computer. I know this can be accomplished by setting up IIS to use Windows Authentication and then capture the LOGON_USER variable.

The problem is I would also like to make the site available outside the domain network, using some kind of form-database-based login within my application. For this I would have to allow anonymous access.

I really would be ok allowing anonymous access for the whole site and controlling security at the appluication level, but then I wouldn't be able to get the username of a domain user.

Any thoughts or help would be appreciated.

If you haven't configured IIS to use windows authentication only, and if you haven't changed the default file permissions on your virtual directorym, then you already allow anonymous access to your web pages. You can google for any number of ways to create a database-driven login system in asp, or download some open-source apps that do logins and review the code they use.

Understood, but that doesn't solve my problem of automatically authenticaing the user based on their AD username when they are on a domain computer (i.e. on the intranet)

So your IIS isn't configured to support windows authentication? There are some wmi objects that let you query AD from code, maybe you can write or find a module that can do an application login from AD user data.

I can configure windows auth, but would prefer not to for users who are not on the local network. Think I found a reasonable work-around... Going to programmatically throw a 401 status if the user is on a local IP address...


If Request.ServerVariables("LOGON_USER") = "" Then
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate","NTLM"
Response.End
Else
End If