windows authentication with forms

Discussion in 'ASP .Net Security' started by dennisG, Aug 23, 2005.

  1. dennisG

    dennisG Guest

    Hi,

    I have a problem with windows authentication, with a web based form. I
    can logon with the function logonuser with my username, password and
    domain, but I don't get the windows rights of my windows account. I've
    looked to different websites, but it doesn't solved my problem.

    My code, function that works on the login button
    Private Sub cmdLogin_Click(ByVal sender As System.Object, ByVal
    e As System.EventArgs) Handles cmdLogin.Click
    Dim username As String = txtUsername.Text
    Dim password As String = txtPassword.Text
    Dim domain As String = "Domainname"

    If ValidateLogin(username, password, domain) = True Then
    FormsAuthentication.RedirectFromLoginPage(username,
    chkRemember.Checked)
    Else
    lblError.Visible = True
    End If
    End Sub


    And validation function:
    Private Function ValidateLogin( _
    ByVal Username As String, _
    ByVal Password As String, _
    ByVal Domain As String) As Boolean

    Try
    Dim token1 As New IntPtr
    Dim loggedOn As Boolean = LogonUser(Username, Domain,
    Password, 2, 0, token1)
    Dim token2 As New IntPtr
    token2 = token1
    Dim wi As WindowsIdentity
    Dim wp As WindowsPrincipal
    wi = New WindowsIdentity(token2)
    wp = New WindowsPrincipal(wi)
    HttpContext.Current.User = wp
    Return True

    Catch When Err.Number <> 0
    Return False
    End Try
    End Function


    What I'm doing wrong, what I'm missing?

    Thanks,
    Dennis
     
    dennisG, Aug 23, 2005
    #1
    1. Advertising

  2. If you want code to execute with the security context of the user, you also
    need to impersonate them as well using WindowsImpersonationContext.

    Also, remember that the forms auth login here works on the initial request,
    but you'll need to find a way to call LogonUser on each subsequent request
    as well, presumably by storing their plaintext credentials in an encrypted
    cookie or session state or something so you can retrieve them again.

    Joe K.

    "dennisG" <> wrote in message
    news:...
    > Hi,
    >
    > I have a problem with windows authentication, with a web based form. I
    > can logon with the function logonuser with my username, password and
    > domain, but I don't get the windows rights of my windows account. I've
    > looked to different websites, but it doesn't solved my problem.
    >
    > My code, function that works on the login button
    > Private Sub cmdLogin_Click(ByVal sender As System.Object, ByVal
    > e As System.EventArgs) Handles cmdLogin.Click
    > Dim username As String = txtUsername.Text
    > Dim password As String = txtPassword.Text
    > Dim domain As String = "Domainname"
    >
    > If ValidateLogin(username, password, domain) = True Then
    > FormsAuthentication.RedirectFromLoginPage(username,
    > chkRemember.Checked)
    > Else
    > lblError.Visible = True
    > End If
    > End Sub
    >
    >
    > And validation function:
    > Private Function ValidateLogin( _
    > ByVal Username As String, _
    > ByVal Password As String, _
    > ByVal Domain As String) As Boolean
    >
    > Try
    > Dim token1 As New IntPtr
    > Dim loggedOn As Boolean = LogonUser(Username, Domain,
    > Password, 2, 0, token1)
    > Dim token2 As New IntPtr
    > token2 = token1
    > Dim wi As WindowsIdentity
    > Dim wp As WindowsPrincipal
    > wi = New WindowsIdentity(token2)
    > wp = New WindowsPrincipal(wi)
    > HttpContext.Current.User = wp
    > Return True
    >
    > Catch When Err.Number <> 0
    > Return False
    > End Try
    > End Function
    >
    >
    > What I'm doing wrong, what I'm missing?
    >
    > Thanks,
    > Dennis
    >
     
    Joe Kaplan \(MVP - ADSI\), Aug 23, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,562
    Tommy
    Feb 13, 2004
  2. Dadi
    Replies:
    2
    Views:
    205
    Scott Scott
    Sep 16, 2003
  3. jfer
    Replies:
    3
    Views:
    582
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
  4. Eric
    Replies:
    2
    Views:
    643
  5. Michael D. Ober
    Replies:
    6
    Views:
    313
    Michael D. Ober
    Oct 30, 2006
Loading...

Share This Page