How to implement mixed asp.net authentication

Discussion in 'ASP .Net' started by Invalidlastname, Jul 29, 2004.

  1. Hi,

    Here is the issue: we have an ASP.NET application which is protected by Form
    authentication. The web application is hosted in the web-farm environment on
    multiple web servers. There are several asmx webservices pages used for
    inter-server communications, e.g. invalidate the cached items, status
    notifications. Since these asmx pages need to access the same application
    domain and httpcontext as primary asp.net application, the files have to be
    located in virtual directories under application root.

    questions:
    1- Is there a way to implement mixed authentications in an ASP.NET
    application? If this is possible then I can set the primary web application
    to use form authentication and helper web services to use windows
    authentication
    2- If option 1 is not possible, is there any way that application A can
    invalidate the application B's cached objects (in this case, application B
    is protected by form authentication) ?
    3- if form authentication must be used, how can I create credential and pass
    it with web services calls (in my case, this is the same application hosted
    on multiple server, the authentication ticket created on server A should be
    accepted by server B )

    Thanks

    ILN
     
    Invalidlastname, Jul 29, 2004
    #1
    1. Advertisements

  2. Hi ILN,

    As for the mixed authentication problem you mentioned, here are my
    suggestions:

    The ASP.NET Web application allow only one Authentication Mode in a single
    web application ,so we can't use Mulit Authentication setting in one web
    application.
    Since WebService can't apply FormsAuthentication, so we need to put them in
    different web appliations.

    As for how to invalid the application cache data in one Web application
    from another web application, I think one means is to provide a web page in
    the web application which is used to invalide the cache data in the
    webapplication. then, another web applicaiton which need to invalide its
    cache data can call this page to do so.

    And since the webservice is using windows authentication and the web
    application is using formsauthenticaotin, I think you can provide a
    particular login page for the webservice. It can get the username and
    password from the Request's Forms Collection(post data) to do the
    authentication. Then, in webservice we can use HttpWebRequest class to
    programmatically login the web application and use HttpWebrequest to call
    the InvalidateCache.
    How do you think of this?

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    Get Preview at ASP.NET whidbey
    http://msdn.microsoft.com/asp.net/whidbey/default.aspx
     
    Steven Cheng[MSFT], Jul 30, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.