D
Dadi
Hi,
I have an ASP.NET web site that uses IIS Basic Authentication and accesses
an OLAP Server at various stages. The OLAP Server authentication mechanism
relies on Windows accounts and therefore when a new user needs access to the
system we must create a new Windows user account for him.
This is a 3-year old application and at the time it was decided to let the
OLAP Server handle the filtering of information returned to the client based
on his supplied Windows user account (I wasn´t there at the time). Now I´m
trying to figure out how we can allow users from other sites enter ours
without explicitly logging in. That is, I need to make it possible for our
clients to come from a web site A, where they have been authenticated, and
enter ours by sending us the user´s credentials for authentication,
effectively making the dialog box redundant.
This puts the burden on our site to have an API of sorts (most likely just
another .aspx page) that can receive a username and password and use that to
authenticate the incoming user. What I need here is to take the credentials,
authenticate them somehow (most likely with the LogonUser API) and then do
something with the result so that after this, all calls from the user will
have the resulting Windows user credentials associated with it.
Does this call for impersonation or do I need to replace the Principal for
the entire context for this user somehow?
Any suggestions or comments truly appreciated.
Regards,
Dadi.
I have an ASP.NET web site that uses IIS Basic Authentication and accesses
an OLAP Server at various stages. The OLAP Server authentication mechanism
relies on Windows accounts and therefore when a new user needs access to the
system we must create a new Windows user account for him.
This is a 3-year old application and at the time it was decided to let the
OLAP Server handle the filtering of information returned to the client based
on his supplied Windows user account (I wasn´t there at the time). Now I´m
trying to figure out how we can allow users from other sites enter ours
without explicitly logging in. That is, I need to make it possible for our
clients to come from a web site A, where they have been authenticated, and
enter ours by sending us the user´s credentials for authentication,
effectively making the dialog box redundant.
This puts the burden on our site to have an API of sorts (most likely just
another .aspx page) that can receive a username and password and use that to
authenticate the incoming user. What I need here is to take the credentials,
authenticate them somehow (most likely with the LogonUser API) and then do
something with the result so that after this, all calls from the user will
have the resulting Windows user credentials associated with it.
Does this call for impersonation or do I need to replace the Principal for
the entire context for this user somehow?
Any suggestions or comments truly appreciated.
Regards,
Dadi.