Authentication 101

[Guest]

Hi All

I am new to .NET, this could be a very basic question
I would like to write a login page to capture username / password, and then
use window authentication to authenticate the user. I have done some
readings and come across with IPrinciple, WindowPrinciple .... but can
someone show me some sample code or a pointer to a documentation showing
some sample code, on what exactly to be used to perform a basic
authentication?

Thankyou very much.
dl

--

 

[Joe Kaplan \(MVP - ADSI\)]

Windows authentication is designed to work with the built-in browser
features to do authentication, not forms authentication. If you need to,
you can write your own forms authentication provider to do so, but you'll
have to do a lot of extra work to get this. Is it really necessary?

I'd suggest using the LogonUser API or SSPI to create a WindowsPrincipal
based on a username and password. Both of those will require p/invoke code
though. There are numerous samples available online.

Joe K.

 

[jyjohnson]

Perhaps this will work:
http://www.codeproject.com/aspnet/ASPdotnet_LoginControl.asp

 

[Guest]

Thanks.
After test driving a sample window authentication, I found I would need the
form authentication instead, but can I do it using LDAP ...?

/dl

Windows authentication is designed to work with the built-in browser
features to do authentication, not forms authentication. If you need to,
you can write your own forms authentication provider to do so, but you'll
have to do a lot of extra work to get this. Is it really necessary?

I'd suggest using the LogonUser API or SSPI to create a WindowsPrincipal
based on a username and password. Both of those will require p/invoke code
though. There are numerous samples available online.

Joe K.

 

[Joe Kaplan \(MVP - ADSI\)]

Do you want a WindowsPrincipal or are you ok with some type of generic
IPrincipal? If generic is ok, then you can just use LDAP. I'd still
suggest going the other route if you can, but that is up to you.

A quick Google search for Forms authentication and LDAP should turn up some
of the MS samples. They are not great, but they should get you started.

I still don't understand what's so important about forms authentication, but
I guess some people really want that in their applications. I'd rather not
have all the extra code to worry about if I don't need it, but that's just
me I guess.

Joe K.

Thanks.
After test driving a sample window authentication, I found I would need
the
form authentication instead, but can I do it using LDAP ...?

/dl

 

[JYJ]

Joe -- Per a previous post, I can't create a new thread to use the
user's identity (I think it is always using the aspnet service account
identity). This thread needs to run a long-running process ( ~5
minutes) and then write some files out to a share on another server. If
I try the process without having it run on a new thread it works (well,
the files are created; I skip the long process so I could test it).

I've read some things about LogonUser, ReverttoSelf in advapi32, but I
can't get it to work...

Any ideas??!! <<Thanks>>

 

[Joe Kaplan \(MVP - ADSI\)]

This is a limitation of the way Thread.Start works in .NET 1.1. Dominick
Baier posted a fix that shows how to overcome this by passing the
WindowsIdentity you want to impersonate as a parameter on Thread.Start and
then calling WindowsIdentity.Impersonate on it. I'd suggest doing a quick
Google groups search to find this. It was within the last week.

You should not need to call LogonUser or RevertToSelf directly within your
thread code if you have the WindowsIdentity that you want to impersonate
already.

HTH,

Joe K.