Basic authentication without browser login window

  • Thread starter Diego Embon \(personal mail\)
  • Start date
D

Diego Embon \(personal mail\)

Hello,

I have a problem with basic windows authentication in IIS6. As a developer
I'm requested to implement windows authentication on my web application
(asp.net), but to avoid the browser login window. I have all the users in
Active Directory and this is not an intranet system. I've tried a few
techniques to achieve my goal:

1. ISAPI filter is the most flexible option, but I'm looking for something
simpler.
2. Impersonation fails in maintaining the credentials between different
requests. I can impersonate to the user using the token return by the logon
function, but when redirecting to the next page, the user credentials are
not kept.
3. I tried using http://username:passowrd@server/site/page.ext. This works
fine (secured only when implementing SSL) but Microsoft is dropping this
method, and IE6 does not support it in its new versions (support can be
activated by a key in the registry but I have no access to the clients
stations).

After I logon to AD using the user credentials entered in my custom asp.net
login form, I have the user's token. The only missing part is how to pass
this token to the browser token cache.

Does anyone have any suggestion?

Thanks!

Diego.
 
P

Paul Clement

¤ Hello,
¤
¤ I have a problem with basic windows authentication in IIS6. As a developer
¤ I'm requested to implement windows authentication on my web application
¤ (asp.net), but to avoid the browser login window. I have all the users in
¤ Active Directory and this is not an intranet system. I've tried a few
¤ techniques to achieve my goal:
¤
¤ 1. ISAPI filter is the most flexible option, but I'm looking for something
¤ simpler.
¤ 2. Impersonation fails in maintaining the credentials between different
¤ requests. I can impersonate to the user using the token return by the logon
¤ function, but when redirecting to the next page, the user credentials are
¤ not kept.
¤ 3. I tried using http://username:passowrd@server/site/page.ext. This works
¤ fine (secured only when implementing SSL) but Microsoft is dropping this
¤ method, and IE6 does not support it in its new versions (support can be
¤ activated by a key in the registry but I have no access to the clients
¤ stations).
¤
¤ After I logon to AD using the user credentials entered in my custom asp.net
¤ login form, I have the user's token. The only missing part is how to pass
¤ this token to the browser token cache.
¤
¤ Does anyone have any suggestion?
¤

Have you looked at Forms Authentication using Active Directory?

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Login form no longer working 2
About as basic "Newbie-Question" that you can get. 3
BASIC authentication in .NET 2
How can I simply view old MS BASIC V7 files on my Win10 PC? 2
Basic Authentication 2
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
WCF service, legacy client using Basic authentication? 1
Login page with Basic authentication (newbie) 1

Members online

Total: 23 (members: 1, guests: 22)
Robots: 364

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,020
Latest member
GenesisGai

Latest Threads

Top