Combining Anonymous and Domain logon

Discussion in 'ASP .Net' started by Kjell Kristiansson, Dec 3, 2005.

  1. In developing a solution I ran into a problem where I have found no
    acceptable solution. The problem is combining users with anonymous login
    and
    users logged in to a domain in the same .aspx application.

    Here is some background:
    - the application will be accessable from the Internet, extranet and
    intranet.
    - no logon required but then you get limited information/functionality
    - if you'r not logged on you will be provided an option to log on
    - users already logged on to the domain should not need to logon in app
    - different groups of users get different information/functionality
    - the app needs to read from the directory
    - Win2k server, ASP.NET 1.1, VB/C#

    This must be a fairly common problem but still I have found no acceptable
    way to do this. I can solve it by splitting the solution to different
    directories with different authority, having an open startpage to do the
    analysiz etc.

    Kjell K.
    PS I have already asked a similar question in the security group
     
    Kjell Kristiansson, Dec 3, 2005
    #1
    1. Advertising

  2. I would approach this using the following:

    Have a global function that checks the
    request.serverVariables("Auth_User") to determine if the user is logged
    in or not. AUTH_USER will return blank if the user is anonymous. Based
    on the return of the function, show or hide content.

    If the user is anonymous, give a link to a protected page for login.
    The page can be protected in a subdirectory with a web.config that
    denies anonymous access. When the user logs in, the protected page just
    redirects to where they came from
    (request.servervariables("http_referer"))

    I'm not sure how you handle your roles (database, XML, or Active
    Directory), but you could create a genericIdentity and store it in
    session when the user is authenticated or when the session starts
    (depending on whether they entered anonymously or logged in previously).
    Then you could use the IsInRole() to show or hide content. You will be
    putting some code in the globabl.asax file to check the user roles if
    you go this route.

    The multiple directory solution is not a solution and will kill you in
    short time.

    ----
    700cb Development, Inc.
    http://www.700cb.net
    ..NET utilities, developer tools,
    and enterprise solutions

    "Kjell Kristiansson" <> wrote in
    news:eOocSC$:

    > In developing a solution I ran into a problem where I have found no
    > acceptable solution. The problem is combining users with anonymous
    > login and
    > users logged in to a domain in the same .aspx application.
    >
    > Here is some background:
    > - the application will be accessable from the Internet, extranet and
    > intranet.
    > - no logon required but then you get limited information/functionality
    > - if you'r not logged on you will be provided an option to log on
    > - users already logged on to the domain should not need to logon in
    > app - different groups of users get different
    > information/functionality - the app needs to read from the directory
    > - Win2k server, ASP.NET 1.1, VB/C#
    >
    > This must be a fairly common problem but still I have found no
    > acceptable way to do this. I can solve it by splitting the solution to
    > different directories with different authority, having an open
    > startpage to do the analysiz etc.
    >
    > Kjell K.
    > PS I have already asked a similar question in the security group
    >
     
    cbDevelopment, Dec 12, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. et
    Replies:
    10
    Views:
    19,263
  2. =?Utf-8?B?QnVnZ3ltYW4=?=

    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON

    =?Utf-8?B?QnVnZ3ltYW4=?=, Jun 24, 2005, in forum: ASP .Net
    Replies:
    5
    Views:
    47,613
    sangsharma
    Dec 31, 2007
  3. Sorcerdon
    Replies:
    2
    Views:
    3,120
    Norman Yuan
    Jul 5, 2006
  4. Srinivas Chintakindi

    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

    Srinivas Chintakindi, Nov 10, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    1,506
    Jay Pondy
    Nov 30, 2006
  5. Kjell Kristiansson
    Replies:
    0
    Views:
    293
    Kjell Kristiansson
    Nov 30, 2005
Loading...

Share This Page