Forms authentication with Active Directory


A

Author

In my web application I use forms authentication with active
directory. This is working just fine.

Because only a small subset of our domain users are allowed to access
the web application, I keep a Users table for the application in the
SQL Sever 2005 database.

The rationale is this:

After a user is AD-authenticated, I check if the user name exists in
the Users table in the database, if not, I would like to fail the
authentication.

Here is what I am doing:

In the Login.aspx page, I have a login control, and there is nothing
in the code-behind.

Once a user is AD-authenticated, the application redirects the user to
Default.aspx, because in web.config I have

<authentication mode="Forms">
<forms
name=".ADAuthCookie" loginUrl="Login.aspx"
defaultUrl="Default.aspx"
timeout="10" />
</authentication>

In Default.aspx.cs, I check if the user is in the Users table in the
database. If not, I kick the user back to the Login.aspx page through
this:

Session.Abandon();
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();

But, how do I nicely show the FailureText of the Login control if the
user is AD-authenticated, but not in the Users table?

I hope that I have made the situation clear. Thank you.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top