D
Diego Embon \(personal mail\)
Hello,
I have a problem with basic windows authentication in IIS6. As a developer
I'm requested to implement windows authentication on my web application
(asp.net), but to avoid the browser login window. I have all the users in
Active Directory and this is not an intranet system. I've tried a few
techniques to achieve my goal:
1. ISAPI filter is the most flexible option, but I'm looking for something
simpler.
2. Impersonation fails in maintaining the credentials between different
requests. I can impersonate to the user using the token return by the logon
function, but when redirecting to the next page, the user credentials are
not kept.
3. I tried using http://username:passowrd@server/site/page.ext. This works
fine (secured only when implementing SSL) but Microsoft is dropping this
method, and IE6 does not support it in its new versions (support can be
activated by a key in the registry but I have no access to the clients
stations).
After I logon to AD using the user credentials entered in my custom asp.net
login form, I have the user's token. The only missing part is how to pass
this token to the browser token cache.
Does anyone have any suggestion?
Thanks!
Diego.
I have a problem with basic windows authentication in IIS6. As a developer
I'm requested to implement windows authentication on my web application
(asp.net), but to avoid the browser login window. I have all the users in
Active Directory and this is not an intranet system. I've tried a few
techniques to achieve my goal:
1. ISAPI filter is the most flexible option, but I'm looking for something
simpler.
2. Impersonation fails in maintaining the credentials between different
requests. I can impersonate to the user using the token return by the logon
function, but when redirecting to the next page, the user credentials are
not kept.
3. I tried using http://username:passowrd@server/site/page.ext. This works
fine (secured only when implementing SSL) but Microsoft is dropping this
method, and IE6 does not support it in its new versions (support can be
activated by a key in the registry but I have no access to the clients
stations).
After I logon to AD using the user credentials entered in my custom asp.net
login form, I have the user's token. The only missing part is how to pass
this token to the browser token cache.
Does anyone have any suggestion?
Thanks!
Diego.