Choosing Integrated vs. Forms authentication dynamically

Discussion in 'ASP .Net Security' started by Rob Blitz, Oct 17, 2003.

  1. Rob Blitz

    Rob Blitz Guest

    I'd like to have my (intranet) application's users choose to use their NT
    Login account credentials or specify another UserID/password combo on the
    app's login page. Is this possible? So far, I've only seen ASP.NET examples
    where you have either integrated Windows authentication OR Forms specified
    in webconfig.xml.

    Use a custom HTTPHandler or HTTPModule?

    If anyone can paint a simple picture of how this can be done I'd appreciate
    it.
    Rob Blitz, Oct 17, 2003
    #1
    1. Advertising

  2. Rob Blitz

    MSFT Guest

    Hi Rob,

    I think you may make the user make the choice on the login form. For
    example, there are two options: 1. with default windows account; 2, specify
    a special windows account with name and password. On server side, you can
    get the informaiton from login form and authenticate the credential. For
    detailed information, you may refer to this KB article:

    HOW TO: Authenticate against the Active Directory by Using Forms
    Authentication and Visual Basic .NET
    http://support.microsoft.com/default.aspx?kbid=326340

    Hope this help,


    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    MSFT, Oct 20, 2003
    #2
    1. Advertising

  3. Rob Blitz

    Rob Blitz Guest

    Luke,
    Thanks for the response.

    So I would create a form that had, say, an "auto login" button that says
    something like "Login as user logged into this machine" and right below it
    would be the second alternative, which would be a form with inputs fields
    for user id and password with a button that says "Login as another user".
    The second alternative allows me to go to a coworkers workstation where they
    were logged in, and login as myself rather than using their NT logon token.

    Now, I have to choose windows OR forms authentication in web.config; I can't
    use both. If I do as the KB article suggests, I use forms authentication.
    But if I do this, my "auto login" button won't work. What I'm really after
    here is a way to allow a user to not have to input their user id and
    password if they are already logged in on that machine while at the same
    time, allowing users to do an explicit authentication as any user.

    I've seen this done in MS Project Server's web interface.

    Rob


    "MSFT" <> wrote in message
    news:p...
    > Hi Rob,
    >
    > I think you may make the user make the choice on the login form. For
    > example, there are two options: 1. with default windows account; 2,

    specify
    > a special windows account with name and password. On server side, you can
    > get the informaiton from login form and authenticate the credential. For
    > detailed information, you may refer to this KB article:
    >
    > HOW TO: Authenticate against the Active Directory by Using Forms
    > Authentication and Visual Basic .NET
    > http://support.microsoft.com/default.aspx?kbid=326340
    >
    > Hope this help,
    >
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    Rob Blitz, Oct 20, 2003
    #3
  4. Rob Blitz

    MSFT Guest

    Hi Rob,

    I think you may choose Form authentication only. When user choose "auto
    login", you can get his account from Request object's ServerVariables
    Property and its IsAuthenticated property.

    On IIS virtual folder, you can set integrated windows authentication; In
    web.config, you can set form authentication.

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    MSFT, Oct 21, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Markus Stehle

    Integrated security + Forms authentication

    Markus Stehle, Aug 21, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    410
    ASP.NET
    Aug 22, 2003
  2. Mark
    Replies:
    0
    Views:
    663
  3. Brett Smith
    Replies:
    2
    Views:
    438
    Brett Smith
    Oct 26, 2004
  4. Eric
    Replies:
    2
    Views:
    451
  5. Replies:
    2
    Views:
    245
Loading...

Share This Page