Hi Keith,
From your further description, I think your current problem is how to
manually collect the username/password from the enduser and do a windows
logon auhtenticate, yes? The Integrated windows authentication in IIS is
done automatically before each webrequest and we can not manually redo the
authentication. Currently the only available approach may be manually call
the WINDOWS LogonUser API to validate the user acccount, we need to provide
the cleartext username/password when calling this API, do you think this is
possible? If so the following kb article has mentioned use LogonUser API
through .net PInvoke in asp.net application.
#How to implement impersonation in an ASP.NET application
http://support.microsoft.com/default.aspx?scid=kb;en-us;306158
Hope helps. Thanks,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
--------------------
| Thread-Topic: Can I force a Windows Authentication / Login?
| thread-index: AcXLZJySqJqzylOGQpucW7kNlnrfJQ==
| X-WBNR-Posting-Host: 204.250.153.2
| From: "=?Utf-8?B?S2VpdGggSA==?=" <
[email protected]>
| References: <
[email protected]>
<
[email protected]>
| Subject: Re: Can I force a Windows Authentication / Login?
| Date: Fri, 7 Oct 2005 10:29:03 -0700
| Lines: 71
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:129860
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Thanks Ken,
|
| But I don't want to do forms authentication. What I want to do is,
ideally,
| write a function that will prompt the user to re-authenticate against
their
| Windows domain account, return true if successful and false if not.
|
| Then I would put the function in the button click event; if returns true
I
| continue to do more code, if returns false I give the user an error
message
| in a label on the page.
|
| I already understand about turning off anonymous access in IIS admin,
etc.
| But that doesn't actually force the user to re-authenticate, it just
provides
| the Windows identity info in the context, like the LOGON_USER, etc. And I
| don't want them to enter their username and password until they click the
| button on the page.
|
| I've tried poking through some of the security classes in the .NET
| documentation, but I haven't seen any sample code that points me in the
right
| direction...
|
|
| "Ken Cox [Microsoft MVP]" wrote:
|
| > Hi Keith,
| >
| > One technique is to redirect them to a page that denies access to
anonymous
| > users. This throws up the login dialogue box.
| >
| > In your Web.config, add a <location> before <system.web>
| >
| > <configuration>
| > <location path="auth.aspx">
| > <system.web>
| > <authorization>
| > <deny users="?"/>
| > </authorization>
| > </system.web>
| > </location>
| > <system.web>
| > ....
| >
| > Then create a page called auth.aspx.
| >
| > In your button click code redirect like this:
| >
| > Private Sub Button1_Click _
| > (ByVal sender As System.Object, _
| > ByVal e As System.EventArgs) Handles Button1.Click
| > Response.Redirect("auth.aspx")
| > End Sub
| >
| > Let us know if this helps?
| >
| > Ken
| > Microsoft MVP [ASP.NET]
| >
| >
| >
| >
| > | > > I'm looking for a way to force the user to re-authenticate with their
| > > Windows
| > > username/password/domain after clicking the submit button on an
ASP.NET
| > > page.
| > > This is for an internal application.
| > >
| > > Does anyone know if/how this can be done?
| >
| >
| >
|