HI, Dominick. Thanks for responding.
You said that I "can get rid of the windows dialog, even with
basic", my question is "How"?
Thanks again,
Mike
"Dominick Baier [DevelopMentor]"
Hello Mike,
a) you can get rid of the windows dialog, even with basic - but
that means calling LogonUser to authenticate against AD, which
would also give you a token to construct a WindowsPrincipal for
"delegation"
b) in theory you can also use integrated and configure IE to send
credentials automatically (theory=users must be logged onto the
domain - keep alives have to be enabled between web server and
client)
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi, Dominick.
The application is intended for our salesmen, and they are domain
users, and therefore I would like to use the WindowsPrincipal
object instead of GenericPrinciple, for purposes of delegation.
Although Basic Auth would only "natively" give me a one-hop
delegate, I would still like to have IIS authenticate against
Active Directory.
Of course, if one of the "higher-ups" insists on a
friendly-looking sign-in page, then Forms Authentication will be
the way.
Mike
"Dominick Baier [DevelopMentor]"
Hello WJ,
what do you mean by "does not protect you system"?? can you
elaborate?
it is all a matter of where you store your user accounts, if you
store them in some windows backed store (LSA, Domain) then you
have to resort to some IIS authentication. And basic is the one
with the broadest compatibility. Of course, keep in mind that
basic auth transmits the password in clear text, so you HAVE to
layer SSL of basic auth.
One gotcha is, that you have to live with the window login dialog
- i can give you code to do that, if you really want to go this
route. But this would mean that you have to do auth yourself.
Another option is to use Forms Authentication, typically with
user accounts stored in a database. This allows out of the box to
provide your own login UI - again you have to do auth yourself.
maybe this clear it up a little bit. feel free to ask.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Form Authentication will serve your purpose ad this requires
Anonymous instead of Basic. Keep in mind that Basic Auth. does
not protect your system.
John
Hello.
I'm creating a site that has basic authentication. Is it
possible to have a custom login page display instead of the
Windows login page?
Thanks in advance,
Mike