IIS Basic Authentication/FormsAuthentication - HELP PLS!?

C

Chad Beckner

Hi everyone,

I am developing a site in which the root will be set with Anonymous &
Basic permissions. Past that I will have an application (directory) in
which I will be developing applications. In the past, I have been able to
use a ISAPI Filter to add the response headers dynamically, and add the
authentication to the request, therefore, allowing users into the secure
directory, and all of this is form based, there is no browser prompt (and it
adds it to every request, images, .htm files, .asp files, etc). Now I am
trying to do this with ASP.NET (VB), again, trying to avoid the browser
prompt, and add the authentication to every request (again, images, .htm
files, aspx files, etc). However, I have been unsuccessful using
FormsAuthentication with the directory set to Basic Authentication. I have
been able to get the FormsAuthentication to set the cookie, but when it
tries to go into the Basic secured directory, I get a browser prompt. Any
help would be greatly appreciated!! (Do I need to write another ISAPI
Filter, can I use FormsAuthentication to do this?? Suggestions?)

I have looked at hundreds of articles (or at least it seems!), and am not
100% how to write an ISAPI filter in .NET, if that needs to be done. Any
pointers to live artices, code, etc. would be very helpful.

Thanks!

Chad
 
G

Guest

Will your site be inside an Active Directory domain (intranet)?

ISAPI can be "duplicated" through HttpHandlers.
 
C

Chad Beckner

Yes, it will. the "folder" that it needs to authenticate to will have
"Basic" authentication. Do you have any examples, it would really help out.
Also, if I add the httphandler, will it "intercept" the request (for all
files) before IIS gets a hold of it? The Httphandler will be specified in
the web.config, right?

Thanks!

Chad
 
G

Guest

Right the handler will intercept files of a particular extension (i.e. .aspx,
..asp, .jpg) and you can manipulate the response however you wish. That is
setup in the config, but also you have to register the handler with IIS under
the configuration for the site.

As for Basic authentication, that would still prompt (even in Active
Directory domains). Instead try just removing anonymous access and leaving
Integrated Windows Authentication for the folder. This will only prompt folks
for their network login when they have not logged into the network.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top