Choosing Integrated vs. Forms authentication dynamically

R

Rob Blitz

I'd like to have my (intranet) application's users choose to use their NT
Login account credentials or specify another UserID/password combo on the
app's login page. Is this possible? So far, I've only seen ASP.NET examples
where you have either integrated Windows authentication OR Forms specified
in webconfig.xml.

Use a custom HTTPHandler or HTTPModule?

If anyone can paint a simple picture of how this can be done I'd appreciate
it.
 
M

MSFT

Hi Rob,

I think you may make the user make the choice on the login form. For
example, there are two options: 1. with default windows account; 2, specify
a special windows account with name and password. On server side, you can
get the informaiton from login form and authenticate the credential. For
detailed information, you may refer to this KB article:

HOW TO: Authenticate against the Active Directory by Using Forms
Authentication and Visual Basic .NET
http://support.microsoft.com/default.aspx?kbid=326340

Hope this help,


Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
R

Rob Blitz

Luke,
Thanks for the response.

So I would create a form that had, say, an "auto login" button that says
something like "Login as user logged into this machine" and right below it
would be the second alternative, which would be a form with inputs fields
for user id and password with a button that says "Login as another user".
The second alternative allows me to go to a coworkers workstation where they
were logged in, and login as myself rather than using their NT logon token.

Now, I have to choose windows OR forms authentication in web.config; I can't
use both. If I do as the KB article suggests, I use forms authentication.
But if I do this, my "auto login" button won't work. What I'm really after
here is a way to allow a user to not have to input their user id and
password if they are already logged in on that machine while at the same
time, allowing users to do an explicit authentication as any user.

I've seen this done in MS Project Server's web interface.

Rob
 
M

MSFT

Hi Rob,

I think you may choose Form authentication only. When user choose "auto
login", you can get his account from Request object's ServerVariables
Property and its IsAuthenticated property.

On IIS virtual folder, you can set integrated windows authentication; In
web.config, you can set form authentication.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Integrated Authentication with SQL 8
forms authentication brings up dialog 0
Forms authentication credentials fail 5
How to Clear the Integrated Windows authentication credential in . 3
Forms Authentication Using SQL Server 2000 Database 2
Password changes: Forms Authentication & AD membership provider 0
Forms Authentication - Reporting Services Web Service integration 2
Login Control / Forms Authentication with ActiveDirectoryMembersh 0

Members online

No members online now.
Total: 77 (members: 1, guests: 76)
Robots: 58

Forum statistics

Threads
474,266
Messages
2,571,079
Members
48,772
Latest member
Backspace Studios

Latest Threads

Top