Forms authentication with Windows authentication

Discussion in 'ASP .Net Security' started by Dadi, Sep 10, 2003.

  1. Dadi

    Dadi Guest

    Hi,

    I have an ASP.NET web site that uses IIS Basic Authentication and accesses
    an OLAP Server at various stages. The OLAP Server authentication mechanism
    relies on Windows accounts and therefore when a new user needs access to the
    system we must create a new Windows user account for him.

    This is a 3-year old application and at the time it was decided to let the
    OLAP Server handle the filtering of information returned to the client based
    on his supplied Windows user account (I wasn´t there at the time). Now I´m
    trying to figure out how we can allow users from other sites enter ours
    without explicitly logging in. That is, I need to make it possible for our
    clients to come from a web site A, where they have been authenticated, and
    enter ours by sending us the user´s credentials for authentication,
    effectively making the dialog box redundant.

    This puts the burden on our site to have an API of sorts (most likely just
    another .aspx page) that can receive a username and password and use that to
    authenticate the incoming user. What I need here is to take the credentials,
    authenticate them somehow (most likely with the LogonUser API) and then do
    something with the result so that after this, all calls from the user will
    have the resulting Windows user credentials associated with it.

    Does this call for impersonation or do I need to replace the Principal for
    the entire context for this user somehow?

    Any suggestions or comments truly appreciated.

    Regards,
    Dadi.
     
    Dadi, Sep 10, 2003
    #1
    1. Advertising

  2. Dadi

    Joe Camp Guest

    Any response about this? I have a similar situation and was wonder how to
    best resolve it.

    Thanks,
    Joe

    "Dadi" <> wrote in message
    news:...
    > Hi,
    >
    > I have an ASP.NET web site that uses IIS Basic Authentication and accesses
    > an OLAP Server at various stages. The OLAP Server authentication mechanism
    > relies on Windows accounts and therefore when a new user needs access to

    the
    > system we must create a new Windows user account for him.
    >
    > This is a 3-year old application and at the time it was decided to let the
    > OLAP Server handle the filtering of information returned to the client

    based
    > on his supplied Windows user account (I wasn´t there at the time). Now I´m
    > trying to figure out how we can allow users from other sites enter ours
    > without explicitly logging in. That is, I need to make it possible for our
    > clients to come from a web site A, where they have been authenticated, and
    > enter ours by sending us the user´s credentials for authentication,
    > effectively making the dialog box redundant.
    >
    > This puts the burden on our site to have an API of sorts (most likely just
    > another .aspx page) that can receive a username and password and use that

    to
    > authenticate the incoming user. What I need here is to take the

    credentials,
    > authenticate them somehow (most likely with the LogonUser API) and then do
    > something with the result so that after this, all calls from the user will
    > have the resulting Windows user credentials associated with it.
    >
    > Does this call for impersonation or do I need to replace the Principal for
    > the entire context for this user somehow?
    >
    > Any suggestions or comments truly appreciated.
    >
    > Regards,
    > Dadi.
    >
    >
     
    Joe Camp, Sep 12, 2003
    #2
    1. Advertising

  3. Dadi

    Scott Scott Guest

    have you thought about protecting the content by originating IP address
    (from the partner).

    then you can assign them a cookie, or perhaps log them in via basic
    authentication with a random username and password.

    or you can always protect the rest of your content by referrer.

    you can contact me offline if you want further clarification.










    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Scott Scott, Sep 16, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,527
    Tommy
    Feb 13, 2004
  2. jfer
    Replies:
    3
    Views:
    568
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
  3. Eric
    Replies:
    2
    Views:
    595
  4. Michael D. Ober
    Replies:
    6
    Views:
    304
    Michael D. Ober
    Oct 30, 2006
  5. Stormbringer

    Forms Authentication & Windows Authentication

    Stormbringer, Feb 26, 2007, in forum: ASP .Net Security
    Replies:
    2
    Views:
    143
Loading...

Share This Page