membership and redirect of unauthenticated requests

Discussion in 'ASP .Net Security' started by Jerry C, Jun 14, 2006.

  1. Jerry C

    Jerry C Guest

    I am trying to implment membership.

    The problem I am having is setting up the authentication and authorization
    section.
    I may have misunderstood this class.

    I want to have a user that is using IE and is a member of the domain or if
    there is a stand alone server that has a companion account on the server with
    the same username and password as their workstation. To go to the defaultUrl
    and be authorized by integrated windows (IE is setup to login). This works
    for these users if I set the properties of the defaultUrl page to integrated
    windows. But the other users do not get redirected they only get a login
    popup from the server. I then wanted to use active directory membership to
    authenticate them.

    Can you give me some direction on how to do this.

    Thank you.

    --
    Jerry
    Jerry C, Jun 14, 2006
    #1
    1. Advertising

  2. Hello Jerry,

    Is the stand alone server also in the domain? If not, the domain users are
    not able to be authenticated directly. You may need a login form for them
    to input user name, password and domain name. In the login form, you may
    query AD and verify the user.

    For other users (With companion account on the stand alone server) , you
    may provide a link on the login form, and pointing to a page with windows
    authentication. In this page, set the Context.User:

    GenericPrincipal principal = new GenericPrincipal(id, groups);

    Context.User = principal;

    And then, redirect to other pages.

    Regards,

    Luke Zhang
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Jun 15, 2006
    #2
    1. Advertising

  3. Jerry C

    Jerry C Guest

    Thanks for the reply.

    This server is not on the domain. I think I understand what to do for Users
    with companion accounts but now what do I do with users that use a browser
    that does not send user id like mac users. How can I tell the difference. I
    want to use a custom login page and don't want the user to get the login
    popup from the server.

    --
    Jerry


    "Luke Zhang [MSFT]" wrote:

    > Hello Jerry,
    >
    > Is the stand alone server also in the domain? If not, the domain users are
    > not able to be authenticated directly. You may need a login form for them
    > to input user name, password and domain name. In the login form, you may
    > query AD and verify the user.
    >
    > For other users (With companion account on the stand alone server) , you
    > may provide a link on the login form, and pointing to a page with windows
    > authentication. In this page, set the Context.User:
    >
    > GenericPrincipal principal = new GenericPrincipal(id, groups);
    >
    > Context.User = principal;
    >
    > And then, redirect to other pages.
    >
    > Regards,
    >
    > Luke Zhang
    > Microsoft Online Community Support
    >
    > ==================================================
    > When responding to posts, please "Reply to Group" via your newsreader so
    > that others may learn and benefit from your issue.
    > ==================================================
    >
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
    Jerry C, Jun 15, 2006
    #3
  4. Hello Jerry,

    I found this issue is related to another thread from you, so I replied same
    in the two threads:

    The login popup dialog is generated by IE and IIS. When we see the dialog,
    the web application is not really "touched": when we enable the windows
    authentication, IIS will require IE send windows authentication token, if
    IIS didn't find one (for example, a user from unknown AD), it will return
    IE an error message, and the login popup dialog will be displayed in IE.
    So, what we can do in the ASP.NET application, wouldn't change this
    behavior.

    How about this: you may have a main "entry" form, user can select his
    source by himself, for example, he can select if he is a user with
    companion account, or a AD user which need to be authenticated with form.
    If user select "companion account", you may redirect him to a windows
    authentication webform. For others, redirect him to a login form.

    Regards,

    Luke Zhang
    Microsoft Online Community Lead

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Luke Zhang [MSFT], Jun 16, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. bradley
    Replies:
    1
    Views:
    852
    Peter Rilling
    Jun 8, 2005
  2. =?Utf-8?B?V2lsbGlhbSBTdWxsaXZhbg==?=

    redirect unauthenticated users from frameset child pages?

    =?Utf-8?B?V2lsbGlhbSBTdWxsaXZhbg==?=, Nov 2, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    1,005
    =?Utf-8?B?V2lsbGlhbSBTdWxsaXZhbg==?=
    Nov 2, 2005
  3. Keithb
    Replies:
    0
    Views:
    434
    Keithb
    Oct 28, 2006
  4. Penguini
    Replies:
    2
    Views:
    673
    Penguini
    Dec 3, 2007
  5. Klaus Jensen
    Replies:
    1
    Views:
    390
    Steve C. Orr [MCSD, MVP, CSM, ASP Insider]
    Jun 19, 2008
Loading...

Share This Page