How to implement mixed asp.net authentication

I

Invalidlastname

Hi,

Here is the issue: we have an ASP.NET application which is protected by Form
authentication. The web application is hosted in the web-farm environment on
multiple web servers. There are several asmx webservices pages used for
inter-server communications, e.g. invalidate the cached items, status
notifications. Since these asmx pages need to access the same application
domain and httpcontext as primary asp.net application, the files have to be
located in virtual directories under application root.

questions:
1- Is there a way to implement mixed authentications in an ASP.NET
application? If this is possible then I can set the primary web application
to use form authentication and helper web services to use windows
authentication
2- If option 1 is not possible, is there any way that application A can
invalidate the application B's cached objects (in this case, application B
is protected by form authentication) ?
3- if form authentication must be used, how can I create credential and pass
it with web services calls (in my case, this is the same application hosted
on multiple server, the authentication ticket created on server A should be
accepted by server B )

Thanks

ILN
 
S

Steven Cheng[MSFT]

Hi ILN,

As for the mixed authentication problem you mentioned, here are my
suggestions:

The ASP.NET Web application allow only one Authentication Mode in a single
web application ,so we can't use Mulit Authentication setting in one web
application.
Since WebService can't apply FormsAuthentication, so we need to put them in
different web appliations.

As for how to invalid the application cache data in one Web application
from another web application, I think one means is to provide a web page in
the web application which is used to invalide the cache data in the
webapplication. then, another web applicaiton which need to invalide its
cache data can call this page to do so.

And since the webservice is using windows authentication and the web
application is using formsauthenticaotin, I think you can provide a
particular login page for the webservice. It can get the username and
password from the Request's Forms Collection(post data) to do the
authentication. Then, in webservice we can use HttpWebRequest class to
programmatically login the web application and use HttpWebrequest to call
the InvalidateCache.
How do you think of this?

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top