Forms Authentication Ticket Functionality With Windows Authentication

Discussion in 'ASP .Net Security' started by jfer, Sep 16, 2005.

  1. jfer

    jfer Guest

    I am creating a web application for a company intranet and I am using
    Windows Authentication for a somewhat "transparent" login process.
    What I would like to do is allow all users into the application that
    exist in our LDAP under a particular user (their is a heirarchy
    associated with the LDAP tree). I was able to do this with Forms
    Authentication as I included the code to do this in the Page_Load event
    of the page associated with the <forms> tag in the web.config. My
    question is where would I include this functionality when using
    Integrated Windows Authentication? And any idea what would be the best
    way to sort of keep track of the user like the forms authentication
    ticket does. Thanks in advance.
     
    jfer, Sep 16, 2005
    #1
    1. Advertising

  2. Hello jfer,


    is this 1.1?

    You could handle the Authenticate_Request and check via LDAP. If the user
    is in a particular OU let him through, otherwise reject.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I am creating a web application for a company intranet and I am using
    > Windows Authentication for a somewhat "transparent" login process.
    > What I would like to do is allow all users into the application that
    > exist in our LDAP under a particular user (their is a heirarchy
    > associated with the LDAP tree). I was able to do this with Forms
    > Authentication as I included the code to do this in the Page_Load
    > event
    > of the page associated with the <forms> tag in the web.config. My
    > question is where would I include this functionality when using
    > Integrated Windows Authentication? And any idea what would be the
    > best
    > way to sort of keep track of the user like the forms authentication
    > ticket does. Thanks in advance.
     
    Dominick Baier [DevelopMentor], Sep 16, 2005
    #2
    1. Advertising

  3. jfer

    jfer Guest

    Sorry just to clarify it is in ASP.NET 2.0. I am famaliar with
    querying the LDAP but what is confusing me is where to include it.
    Does Authenticate_Request run on every user interaction with the web
    application or only the first time they enter a web application (sort
    of like Session Start). And what would be the best way to make sure
    they are put through this "gateway" if they try to jump to a page
    somewhere in the middle of the web application later on (lets say via a
    bookmark) and to manage this (Cookies? Session?) I liked how Forms
    Authentication let you hook to a sort of start page. Again insight is
    appreciated.

    Thanks
     
    jfer, Sep 16, 2005
    #3
  4. Hello jfer,

    Authenticate_Request runs on every request - there is no way to bypass.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Sorry just to clarify it is in ASP.NET 2.0. I am famaliar with
    > querying the LDAP but what is confusing me is where to include it.
    > Does Authenticate_Request run on every user interaction with the web
    > application or only the first time they enter a web application (sort
    > of like Session Start). And what would be the best way to make sure
    > they are put through this "gateway" if they try to jump to a page
    > somewhere in the middle of the web application later on (lets say via
    > a
    > bookmark) and to manage this (Cookies? Session?) I liked how Forms
    > Authentication let you hook to a sort of start page. Again insight is
    > appreciated.
    > Thanks
    >
     
    Dominick Baier [DevelopMentor], Sep 16, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. e
    Replies:
    1
    Views:
    3,582
    John Saunders
    Oct 24, 2003
  2. =?Utf-8?B?Y2h1Y2sgcnVkb2xwaA==?=

    Forms Authentication Ticket/Cookie values

    =?Utf-8?B?Y2h1Y2sgcnVkb2xwaA==?=, May 17, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    644
    Brock Allen
    May 19, 2005
  3. Mythran
    Replies:
    2
    Views:
    406
    Mythran
    Mar 8, 2007
  4. Gibble
    Replies:
    6
    Views:
    1,660
    =?Utf-8?B?VmlqYXk=?=
    May 15, 2007
  5. Lauchlan M
    Replies:
    0
    Views:
    226
    Lauchlan M
    Oct 1, 2003
Loading...

Share This Page