#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2012
    Posts
    6
    Rep Power
    0

    Using Windows Authentication and Form-Based


    I realize there may be several approaches to accomplishing this, but if anyone has some advice on the best and simplest method, I would appreciate it...

    Would like to have an intranet page that captures a user's domain username automatically when they are on a domain computer. I know this can be accomplished by setting up IIS to use Windows Authentication and then capture the LOGON_USER variable.

    The problem is I would also like to make the site available outside the domain network, using some kind of form-database-based login within my application. For this I would have to allow anonymous access.

    I really would be ok allowing anonymous access for the whole site and controlling security at the appluication level, but then I wouldn't be able to get the username of a domain user.

    Any thoughts or help would be appreciated.
  2. #2
  3. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,424
    Rep Power
    4539
    If you haven't configured IIS to use windows authentication only, and if you haven't changed the default file permissions on your virtual directorym, then you already allow anonymous access to your web pages. You can google for any number of ways to create a database-driven login system in asp, or download some open-source apps that do logins and review the code they use.
    ======
    Doug G
    ======
    The man who doesn't read good books has no advantage over the man who can't read them.
    --Mark Twain
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2012
    Posts
    6
    Rep Power
    0
    Understood, but that doesn't solve my problem of automatically authenticaing the user based on their AD username when they are on a domain computer (i.e. on the intranet)
  6. #4
  7. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,424
    Rep Power
    4539
    So your IIS isn't configured to support windows authentication? There are some wmi objects that let you query AD from code, maybe you can write or find a module that can do an application login from AD user data.
    ======
    Doug G
    ======
    The man who doesn't read good books has no advantage over the man who can't read them.
    --Mark Twain
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2012
    Posts
    6
    Rep Power
    0
    I can configure windows auth, but would prefer not to for users who are not on the local network. Think I found a reasonable work-around... Going to programmatically throw a 401 status if the user is on a local IP address...


    If Request.ServerVariables("LOGON_USER") = "" Then
    Response.Status = "401 Unauthorized"
    Response.AddHeader "WWW-Authenticate","NTLM"
    Response.End
    Else
    End If

IMN logo majestic logo threadwatch logo seochat tools logo