Why Code Authentication At All?

[Brian]

Please pardon my ignorance with this one, but I am pounding my head
against System.DirectoryServices and have an idea. Why not simply turn
off "Anonymous User" access to my website, and let Windows provide the
login of the person viewing the page through a call to
Request.ServerVariables("LOGON_USER")?

I am stuck in the middle of a set of problems with authenticating
users and wonder why I am doing this at all?

TIA,

Brian

 

[Joe Kaplan \(MVP - ADSI\)]

The reason you would not use Windows/IIS authentication is that you either
don't want to or can't. Sometimes, the customer wants forms authentication,
sometimes there are issues with Windows auth (your server is in a DMZ and
isn't a domain member or something).

However, if you can use Windows auth, then by all means do so. Also, you
don't need to read the server variables to get the users name. Just do
Context.User.Identity.Name. Additionally, you can check the Windows group
membership of with Context.User.IsInRole. IIS and ASP.NET do all the
plumbing for you.

If you really do need to use S.DS to do LDAP authentication (need forms
auth, using ADAM or non-MS LDAP, etc.), microsoft.public.adsi.general is a
good newsgroup to ask those questions. It is an equal opportunity .NET/COM
group.

Joe K.

 

[Brian]

Thanks!
I feel so much better about the mountains of code I have inherited
at my company. I agree with their intentions. The end result looks
like a "pig on roller skates", but I see where they were going.

Brian