membership and redirect of unauthenticated requests

[Jerry C]

I am trying to implment membership.

The problem I am having is setting up the authentication and authorization
section.
I may have misunderstood this class.

I want to have a user that is using IE and is a member of the domain or if
there is a stand alone server that has a companion account on the server with
the same username and password as their workstation. To go to the defaultUrl
and be authorized by integrated windows (IE is setup to login). This works
for these users if I set the properties of the defaultUrl page to integrated
windows. But the other users do not get redirected they only get a login
popup from the server. I then wanted to use active directory membership to
authenticate them.

Can you give me some direction on how to do this.

Thank you.

 

[Luke Zhang [MSFT]]

Hello Jerry,

Is the stand alone server also in the domain? If not, the domain users are
not able to be authenticated directly. You may need a login form for them
to input user name, password and domain name. In the login form, you may
query AD and verify the user.

For other users (With companion account on the stand alone server) , you
may provide a link on the login form, and pointing to a page with windows
authentication. In this page, set the Context.User:

GenericPrincipal principal = new GenericPrincipal(id, groups);

Context.User = principal;

And then, redirect to other pages.

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Jerry C]

Thanks for the reply.

This server is not on the domain. I think I understand what to do for Users
with companion accounts but now what do I do with users that use a browser
that does not send user id like mac users. How can I tell the difference. I
want to use a custom login page and don't want the user to get the login
popup from the server.

 

[Luke Zhang [MSFT]]

Hello Jerry,

I found this issue is related to another thread from you, so I replied same
in the two threads:

The login popup dialog is generated by IE and IIS. When we see the dialog,
the web application is not really "touched": when we enable the windows
authentication, IIS will require IE send windows authentication token, if
IIS didn't find one (for example, a user from unknown AD), it will return
IE an error message, and the login popup dialog will be displayed in IE.
So, what we can do in the ASP.NET application, wouldn't change this
behavior.

How about this: you may have a main "entry" form, user can select his
source by himself, for example, he can select if he is a user with
companion account, or a AD user which need to be authenticated with form.
If user select "companion account", you may redirect him to a windows
authentication webform. For others, redirect him to a login form.

Regards,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)