Securing an ASP web application

Discussion in 'ASP General' started by Graeme Coutts, Jun 14, 2004.

  1. Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed mode of usernames matched with the Windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
    Getting user complaints about having to log in to the web application when they have already logged on to Windows. I have coded a challenge/response (response.status=401) to get a user's Windows login through the ServerVariables. This seems to work OK for the intranet access. If the user's Windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the Windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE Windows authentication dialog.
    Anyone care to offer a solution?
     
    Graeme Coutts, Jun 14, 2004
    #1

  2. Graeme Coutts

    Jeff Dillon Guest

    You would need both Anonymous and Integrated Authentication turned on.

    Jeff

    "Graeme Coutts" <Graeme > wrote in message
    news:...
    > Developed a web application which adopts a custom security model which
    > displays a login page and requests a username/password combination. The
    > username works in a mixed mode of usernames matched with the Windows login
    > name and some extra accounts (similar to SQL mixed-mode security). Web
    > application is executed both in the corporate intranet and externally on the
    > web.
    > Getting user complaints about having to log in to the web application when
    > they have already logged on to Windows. I have coded a challenge/response
    > (response.status=401) to get a user's Windows login through the
    > ServerVariables. This seems to work OK for the intranet access. If the
    > user's Windows account is not located in the application database then I
    > redirect to the standard login page for the username/password combination.
    > When the application is executed across the internet through a firewall, the
    > user is prompted by IE to enter the Windows domain, username, and password.
    > There seems to be no mechanism to avoid this because of the
    > challenge/response code. I wish that with external access from the internet
    > that users are automatically directed to the application login screen and
    > not faced with the IE Windows authentication dialog.
    > Anyone care to offer a solution?
     
    Jeff Dillon, Jun 14, 2004
    #2
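
One way to combine the IIS setting from the reply with the 401 challenge described in the question, as an added example that is not code from either poster: with both Anonymous and Integrated authentication enabled, requests arrive anonymous, and the page issues the 401 only to clients it classifies as intranet. The names `INTRANET_PREFIX`, `CONN_STR`, `AppUsers`, `WindowsLogin`, `Session("User")` and `login.asp` are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
Response.Buffer = True   ' nothing is sent before the status or redirect is decided

' Assumed values (not from the thread): internal address range and app database.
Const INTRANET_PREFIX = "10.20."   ' constructed sample; keep the trailing dot
Const CONN_STR = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=AppDb;Integrated Security=SSPI"

' REMOTE_ADDR is the TCP peer IIS sees. If the firewall proxies or NATs external
' traffic from an internal address, this check misclassifies it as intranet;
' do not substitute a client-supplied header such as X-Forwarded-For.
Function IsIntranetClient()
    Dim ip : ip = Request.ServerVariables("REMOTE_ADDR")
    IsIntranetClient = (Left(ip, Len(INTRANET_PREFIX)) = INTRANET_PREFIX)
End Function

' Parameterized lookup of DOMAIN\user in the (hypothetical) AppUsers table.
Function IsAppUser(ByVal winLogin)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = CONN_STR
    cmd.CommandType = 1                              ' adCmdText
    cmd.CommandText = "SELECT 1 FROM AppUsers WHERE WindowsLogin = ?"
    cmd.Parameters.Append cmd.CreateParameter("login", 200, 1, 128, winLogin) ' adVarChar, adParamInput
    Set rs = cmd.Execute
    IsAppUser = Not rs.EOF
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim winLogin : winLogin = Request.ServerVariables("LOGON_USER")

If Session("User") <> "" Then
    ' Already signed in through either path; fall through to the page.
ElseIf winLogin <> "" Then
    ' IIS authenticated the Windows account; accept it only if the app knows it.
    If IsAppUser(winLogin) Then
        Session("User") = winLogin
    Else
        Response.Redirect "login.asp"
    End If
ElseIf IsIntranetClient() Then
    ' Anonymous request from inside: challenge so IE can negotiate silently.
    Response.Status = "401 Unauthorized"
    Response.End
Else
    ' External client: never challenged, so no IE credential dialog appears.
    Response.Redirect "login.asp"
End If
%>
```

IE answers the challenge without prompting only for sites in its Local intranet zone, so an internal client outside that zone still sees the dialog.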