?
=?ISO-8859-1?Q?J=F6rn_von_Holten?=
Hi,
I have a 3-tier application design. Those tiers might all run on
different computers (windows plattform but not necessarily W2k), so
I use .NET remoting to connect them. All three parts require a login
and use sessions. So far everything works quite fine.
Now I want to use the ASP.NET 2.0 features with sessions and windows
autentification OPTIONALLY to the normal login (user, password). This
shall work on the same login screen: if the windows user working with
the IE (or Firefox or ...) and he/she is a acceptable user on all (!!!)
other tiers systems he/she shall get a login-as-windowsuser button.
a) is there a way to do this on ONE page - yes I can try to check in
as windows user first and branch to different websites if this works
or not and just ignore the pop-up-window under Firefox et al..
b) how can I transfer the WindowsIdentity via remoting and (most
important) validate them there, as I do not want to see any hackers
inside; those who might modify the WindowsIdentity or just construct
some on their own. If I try to transfer it, I get some complaints about
problems to impersonate the contained token.
any suggestions would be gratefully accepted
Joern
I have a 3-tier application design. Those tiers might all run on
different computers (windows plattform but not necessarily W2k), so
I use .NET remoting to connect them. All three parts require a login
and use sessions. So far everything works quite fine.
Now I want to use the ASP.NET 2.0 features with sessions and windows
autentification OPTIONALLY to the normal login (user, password). This
shall work on the same login screen: if the windows user working with
the IE (or Firefox or ...) and he/she is a acceptable user on all (!!!)
other tiers systems he/she shall get a login-as-windowsuser button.
a) is there a way to do this on ONE page - yes I can try to check in
as windows user first and branch to different websites if this works
or not and just ignore the pop-up-window under Firefox et al..
b) how can I transfer the WindowsIdentity via remoting and (most
important) validate them there, as I do not want to see any hackers
inside; those who might modify the WindowsIdentity or just construct
some on their own. If I try to transfer it, I get some complaints about
problems to impersonate the contained token.
any suggestions would be gratefully accepted
Joern