Hi Brad
Thanks for the tip!
I have tried your solution and I could not make it work, but combining my old
solution with yours actually worked. My solution is based on Windows
authentication with an anonymous user. The only thing I was missing was how to be sure
whether a user is coming from the intranet or from the extranet, so the part of your
code regarding DNS was the missing link ;-)
If you (or anyone else) are interested in the complete solution, I can post it
here or send it to you by email. Here is only a brief description.
Best regards,
PV
Solution in brief; it is not completed, optimized or commented yet.
----------------------------------------------
IIS settings:
Anonymous access: turned ON
Account used for anonymous access: DOMAIN\iisauth (a new domain account whose only
purpose is to serve anonymous requests; grant it no rights beyond what anonymous visitors need)
Password: the password of the 'iisauth' account
Allow IIS to control password: turned OFF
Integrated Windows authentication: ON
Web.config:
<configuration>
<appSettings>
<add key="DOMAIN_NAME" value="DOMAIN" />
<add key="ANONYMOUS_IISAuth" value="iisauth"/>
</appSettings>
....
<system.web>
..
<identity impersonate="true" />
<authentication mode="Windows"/>
<authorization>
<deny users ="?" />
<allow users ="*" />
</authorization>
..
Global.asax.cs:
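// Windows domain name, read from appSettings "DOMAIN_NAME" (see Web.config above).
private readonly string DOMAIN_NAME =
System.Configuration.ConfigurationSettings.AppSettings["DOMAIN_NAME"];
// Account IIS runs anonymous requests under (appSettings "ANONYMOUS_IISAuth").
// A request whose Windows identity is DOMAIN_NAME\<this account> is treated as not yet authenticated.
private readonly string ANONYMOUS_IISSpirelloAuth =
System.Configuration.ConfigurationSettings.AppSettings["ANONYMOUS_IISAuth"];
// Ticket most recently issued by SetAuthCookie; SetCurrentAuthUser reads it right after issuing it
// on the same request. NOTE(review): HttpApplication instances are typically reused across
// requests, so this field may still hold a ticket from an earlier request - never read it unless
// SetAuthCookie ran on the current one.
private FormsAuthenticationTicket _authTicket;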
..
/// <summary>
/// ASP.NET AuthenticateRequest hook. All the work is delegated to SetCurrentAuthUser,
/// which populates Context.User for requests that IIS did not authenticate itself.
/// </summary>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    this.SetCurrentAuthUser();
}
..
..
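/// <summary>
/// Decides who Context.User is when IIS did not already authenticate the caller:
/// (1) a valid, unexpired forms-ticket cookie yields a principal built from that ticket;
/// (2) with no cookie, if the request runs as the anonymous IIS account and the client is
///     forward-confirmed to be in our DNS domain, the user is left unauthenticated so the
///     deny-anonymous (users="?") rule in Web.config triggers Integrated Windows authentication;
/// (3) otherwise (extranet client, or the lookup failed) the anonymous ticket cookie is issued
///     and the anonymous principal is set.
/// Callers already authenticated by IIS are left untouched.
/// </summary>
private void SetCurrentAuthUser() // set user from cookie
{
    // Already authenticated by IIS (Integrated Windows auth): nothing to do.
    if (Context.User != null && Context.User.Identity.IsAuthenticated)
    {
        return;
    }

    HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null)
    {
        FormsAuthenticationTicket authTicket;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            // Tampered, truncated or foreign cookie: behave as if no cookie was sent.
            return;
        }
        // Decrypt only verifies the ticket's signature; expiry has to be enforced here,
        // otherwise a captured cookie would keep granting the identity forever.
        if (authTicket == null || authTicket.Expired)
        {
            return;
        }
        SetContextUser(authTicket);
        return;
    }

    // No cookie. Only requests running under the anonymous IIS account are handled below;
    // any other identity means IIS already did (or is in the middle of) Windows authentication.
    string anonymousAccount = DOMAIN_NAME + "\\" + ANONYMOUS_IISSpirelloAuth;
    if (WindowsIdentity.GetCurrent().Name != anonymousAccount)
    {
        return;
    }

    // Intranet client: leave Context.User unauthenticated so that the users="?" deny rule
    // produces the 401 that makes the browser perform Integrated Windows authentication.
    // The ticket cookie must NOT be issued on this path: if it were, the browser would present
    // it on the authentication retry and on every later request, and the domain user would
    // never be Windows-authenticated.
    if (IsClientOnDomain(Request.UserHostAddress))
    {
        return;
    }

    // Extranet client (or the lookup failed): issue the anonymous ticket and apply it now.
    SetAuthCookie(anonymousAccount);
    SetContextUser(_authTicket);
}

/// <summary>
/// True only if <paramref name="clientAddress"/> reverse-resolves to a host name under one of
/// the trusted DNS suffixes AND that host name forward-resolves back to the same address
/// (forward-confirmed reverse DNS). Any parse or DNS failure yields false, i.e. the client is
/// treated as extranet - the lower-privilege outcome.
/// </summary>
/// <param name="clientAddress">Client IP as text (Request.UserHostAddress).</param>
private static bool IsClientOnDomain(string clientAddress)
{
    // Trusted DNS suffixes, matched case-insensitively on a label boundary ("host.SUFFIX" or
    // exactly "SUFFIX"). NOTE(review): use the full suffix such as "corp.example.com" rather
    // than a bare word - a bare word would also accept "pc1.domain.attacker.net".
    string[] trustedSuffixes = new string[] { "localhost", "DOMAIN" };

    // NOTE(review): UserHostAddress is the TCP peer. Behind a reverse proxy or load balancer it
    // is the proxy's address; do not substitute X-Forwarded-For without restricting which
    // proxies are allowed to set it.
    try
    {
        System.Net.IPAddress clientIp = System.Net.IPAddress.Parse(clientAddress);
        string hostName = System.Net.Dns.GetHostByAddress(clientIp).HostName;
        if (!HasTrustedSuffix(hostName, trustedSuffixes))
        {
            return false;
        }

        // The PTR record is controlled by whoever owns the address block, so require the name
        // to resolve back to the client address before trusting it.
        System.Net.IPAddress[] forward = System.Net.Dns.GetHostByName(hostName).AddressList;
        for (int i = 0; i < forward.Length; i++)
        {
            if (clientIp.Equals(forward[i]))
            {
                return true;
            }
        }
        return false;
    }
    catch (Exception)
    {
        // Unparsable address or DNS failure: fail to the extranet (anonymous) outcome.
        return false;
    }
}

/// <summary>
/// True if <paramref name="hostName"/> equals one of <paramref name="suffixes"/> or ends with
/// "." + suffix (case-insensitive, invariant culture). A substring match is deliberately not
/// used: "xdomainx.example" or "domain-evil.net" must not qualify.
/// </summary>
private static bool HasTrustedSuffix(string hostName, string[] suffixes)
{
    foreach (string suffix in suffixes)
    {
        if (string.Compare(hostName, suffix, true, System.Globalization.CultureInfo.InvariantCulture) == 0)
        {
            return true;
        }
        string dotted = "." + suffix;
        if (hostName.Length > dotted.Length &&
            string.Compare(hostName, hostName.Length - dotted.Length, dotted, 0, dotted.Length,
                           true, System.Globalization.CultureInfo.InvariantCulture) == 0)
        {
            return true;
        }
    }
    return false;
}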
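/// <summary>
/// Replaces Context.User with a GenericPrincipal built from <paramref name="authTicket"/>:
/// identity name = ticket name, single role "everyone". Used both for decrypted cookie tickets
/// and for the freshly issued anonymous ticket, so every ticket bearer gets exactly this minimal
/// role set; no group lookup of any kind is performed here.
/// </summary>
/// <param name="authTicket">Decrypted and already validated ticket; must not be null.</param>
/// <exception cref="ArgumentNullException">authTicket is null.</exception>
private void SetContextUser(FormsAuthenticationTicket authTicket)
{
    if (authTicket == null)
    {
        throw new ArgumentNullException("authTicket");
    }
    // NOTE(review): "LdapAuthentication" does not describe the mechanism used here (a forms
    // ticket for the anonymous IIS account); it is kept verbatim in case anything checks
    // Identity.AuthenticationType.
    GenericIdentity identity = new GenericIdentity(authTicket.Name, "LdapAuthentication");
    string[] roles = new string[] { "everyone" };
    Context.User = new GenericPrincipal(identity, roles);
}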
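/// <summary>
/// Issues the forms-authentication ticket cookie for <paramref name="userName"/> (the anonymous
/// IIS account on the extranet path), remembers the ticket in _authTicket for SetContextUser,
/// and appends the cookie to the response. The ticket is non-persistent and valid for
/// TicketLifetimeMinutes; whoever decrypts it must check FormsAuthenticationTicket.Expired,
/// because FormsAuthentication.Decrypt does not.
/// </summary>
/// <param name="userName">Name stored in the ticket; also stored in its userData field.</param>
private void SetAuthCookie(string userName) // bind auth cookie
{
    const int TicketLifetimeMinutes = 60;

    DateTime issued = DateTime.Now;
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                                          // version
        userName,
        issued,
        issued.AddMinutes(TicketLifetimeMinutes),
        false,                                      // not persistent: session cookie only
        userName);                                  // userData ("group", actually)
    _authTicket = authTicket;

    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    // NOTE(review): the cookie carries the identity, so it should be kept from script and from
    // plaintext transport. If this targets .NET 1.x (ConfigurationSettings/GetHostByAddress
    // suggest so) HttpCookie has no flags for that; on .NET 2.0+ set authCookie.HttpOnly = true
    // and authCookie.Secure = true when the site is served over HTTPS.
    Response.Cookies.Add(authCookie);
}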