single web app for both external users and domain users

Discussion in 'ASP .Net' started by bitshift, Jun 22, 2007.

  1. bitshift

    bitshift Guest

    Ive been asked to allow internal (domain authenticated) users to get in to
    my asp.net web application, while everyone else should use the login form.
    One way ive seen others doing this, is to configure the application in IIS
    to use windows authentication, uncheck anonymous, so as to have the browser
    pass in the User.Identity value.

    Then, when when a visotor hits the site, I can check if we have a domain
    user with the User.Identity, and automatically log them in using a common
    login name that is setup in the database. If the user.Identity is empty,
    then force them to login as usual.

    Sound reasonable ?
     
    bitshift, Jun 22, 2007
    #1
    1. Advertisements

  2. bitshift

    bruce barker Guest

    its much tricker than this. if you turn off anonymous, no one can access
    the site with a successful domain login.

    for the browser to send credentials, the server must send a 401 (access
    denied). the browser then send some credentials. the server will return
    another 401 if invalid, so the user can try again.

    if you turn on anonymous, then iis never sends a 401 and the browser
    will never send the user credentials.

    the easiest solution is if the users ipaddress is internal, send a 401,
    if not redirect to forms login.

    -- bruce (sqlwork.com)




    bitshift wrote:
    > Ive been asked to allow internal (domain authenticated) users to get in to
    > my asp.net web application, while everyone else should use the login form.
    > One way ive seen others doing this, is to configure the application in IIS
    > to use windows authentication, uncheck anonymous, so as to have the browser
    > pass in the User.Identity value.
    >
    > Then, when when a visotor hits the site, I can check if we have a domain
    > user with the User.Identity, and automatically log them in using a common
    > login name that is setup in the database. If the user.Identity is empty,
    > then force them to login as usual.
    >
    > Sound reasonable ?
    >
    >
     
    bruce barker, Jun 22, 2007
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ABC
    Replies:
    1
    Views:
    956
    Richard Dudley
    Oct 24, 2005
  2. JonnyD
    Replies:
    16
    Views:
    945
    Paul Clement
    Oct 31, 2005
  3. Replies:
    1
    Views:
    574
    Patrice
    Feb 9, 2007
  4. Monty
    Replies:
    14
    Views:
    908
    Walter Wang [MSFT]
    Jun 22, 2007
  5. ABCL
    Replies:
    0
    Views:
    766
  6. Warren Tang
    Replies:
    8
    Views:
    711
    George
    Nov 17, 2008
  7. annalissa

    both internal and external linkage

    annalissa, Dec 29, 2009, in forum: C Programming
    Replies:
    2
    Views:
    1,212
    Kaz Kylheku
    Dec 30, 2009
  8. ABC
    Replies:
    1
    Views:
    514
    Patrick.O.Ige
    Oct 31, 2005
Loading...