Basic authentication without browser login window

Discussion in 'ASP .Net Security' started by Diego Embon \(personal mail\), Oct 5, 2004.

  1. Hello,

    I have a problem with basic windows authentication in IIS6. As a developer
    I'm requested to implement windows authentication on my web application
    (asp.net), but to avoid the browser login window. I have all the users in
    Active Directory and this is not an intranet system. I've tried a few
    techniques to achieve my goal:

    1. ISAPI filter is the most flexible option, but I'm looking for something
    simpler.
    2. Impersonation fails in maintaining the credentials between different
    requests. I can impersonate to the user using the token return by the logon
    function, but when redirecting to the next page, the user credentials are
    not kept.
    3. I tried using http://username:passowrd@server/site/page.ext. This works
    fine (secured only when implementing SSL) but Microsoft is dropping this
    method, and IE6 does not support it in its new versions (support can be
    activated by a key in the registry but I have no access to the clients
    stations).

    After I logon to AD using the user credentials entered in my custom asp.net
    login form, I have the user's token. The only missing part is how to pass
    this token to the browser token cache.

    Does anyone have any suggestion?

    Thanks!

    Diego.
    Diego Embon \(personal mail\), Oct 5, 2004
    #1
    1. Advertising

  2. Diego Embon \(personal mail\)

    Paul Clement Guest

    On Tue, 5 Oct 2004 23:42:42 +0200, "Diego Embon \(personal mail\)" <> wrote:

    ¤ Hello,
    ¤
    ¤ I have a problem with basic windows authentication in IIS6. As a developer
    ¤ I'm requested to implement windows authentication on my web application
    ¤ (asp.net), but to avoid the browser login window. I have all the users in
    ¤ Active Directory and this is not an intranet system. I've tried a few
    ¤ techniques to achieve my goal:
    ¤
    ¤ 1. ISAPI filter is the most flexible option, but I'm looking for something
    ¤ simpler.
    ¤ 2. Impersonation fails in maintaining the credentials between different
    ¤ requests. I can impersonate to the user using the token return by the logon
    ¤ function, but when redirecting to the next page, the user credentials are
    ¤ not kept.
    ¤ 3. I tried using http://username:passowrd@server/site/page.ext. This works
    ¤ fine (secured only when implementing SSL) but Microsoft is dropping this
    ¤ method, and IE6 does not support it in its new versions (support can be
    ¤ activated by a key in the registry but I have no access to the clients
    ¤ stations).
    ¤
    ¤ After I logon to AD using the user credentials entered in my custom asp.net
    ¤ login form, I have the user's token. The only missing part is how to pass
    ¤ this token to the browser token cache.
    ¤
    ¤ Does anyone have any suggestion?
    ¤

    Have you looked at Forms Authentication using Active Directory?

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp


    Paul ~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Oct 6, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brett Porter
    Replies:
    5
    Views:
    584
    Brett Porter
    Feb 3, 2004
  2. UJ
    Replies:
    2
    Views:
    7,508
    John Timney \(ASP.NET MVP\)
    Jun 27, 2005
  3. Sasquatch
    Replies:
    2
    Views:
    462
    Sasquatch
    Oct 4, 2006
  4. Steven K0

    Login page with Basic authentication (newbie)

    Steven K0, Apr 9, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    187
    Hernan de Lahitte
    Apr 10, 2005
  5. mike

    Basic Authentication/Custom Login page

    mike, Sep 14, 2005, in forum: ASP .Net Security
    Replies:
    17
    Views:
    573
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
Loading...

Share This Page