Controlling the Login Experience

[Guest]

I want to use Windows authentication, but I'd like control over what the
login screen looks like, rather than the default login dialog box. Is this
possible? Thanks.

Also, if I use integrated windows authentication, can I force the user to
login rather than having the browser assume the credentials of the curently
logged on user? If I use Basic Auth in IIS, they always get a login prompt,
but then I have the clear text issue.

Thanks.

Jerry

 

[Henning Krause [MVP]]

Hello,

answers inline.

I want to use Windows authentication, but I'd like control over what the
login screen looks like, rather than the default login dialog box. Is
this
possible? Thanks.

This is not directly possible. The only solution I see is to use some sort
of form based authentication and validate those credentials against Windows
(via Interop to LogonUser()). But you should only do this with SSL
encryption, otherwise you'll have that clear text password problem again.

Also, if I use integrated windows authentication, can I force the user to
login rather than having the browser assume the credentials of the
curently
logged on user? If I use Basic Auth in IIS, they always get a login
prompt,
but then I have the clear text issue.

This is a browser setting: In the security tab in the Internet Explorer
options, each zone has a settings controlling the behaviour. Default setting
is "Automatic logon only in Intranet Zone only". If you set this to "Prompt
for username and password" the user will be asked for his credential each
time.

But you cannot control this from the server side.

 

[Joe Kaplan \(MVP - ADSI\)]

Note that Microsoft's new ADFS single sign on/federation system in R2
actually implements something like this. It has a forms-based login
capability that integrates with Windows security if you want it to. I'm not
sure I would try to implement it though unless you want the features it is
trying to provide (federation and SSO). It is non-trivial to set up.

Joe K.