Override Windows auth using global.asax?

Joined
Jun 28, 2010
Messages
1
Reaction score
0
Here's my environment
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727

IIS website uses MOSS 2007 "Team Site" template and has only IWA enabled. Web.config has Windows auth w/ Impersonation:
Code:
   <authentication mode="Windows" />
   <identity impersonate="true" />

IE HTTP headers shows that NTLM authentication occurs for workstation user. In global.asax, I've defined WindowsAuthentication_OnAuthenticate() and can see incoming the Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType = Negotiate
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>


I'm using the KerbS4U extension to create a new WindowsIdentity which is then used to create a WindowsPrincipal for the new/overriding user:
Code:
   WindowsIdentity winid = new WindowsIdentity("[email protected]");
   WindowsPrincipal princ = new WindowsPrincipal(winid);

These succeed and I set the new principal to HttpContext.Current.User & Thread.CurrentPrincipal without errors. I've defined both Application_AuthenticateRequest() and Application_PostAuthenticateRequest() functions in global.asax. These show the "new" Identity in the HttpContext.Current.User & Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the upper-right menu of the default.aspx homepage itself still shows the name from the initial IWA!

Does anyone have any ideas about where this is breaking down?

-Gregg
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,813
Messages
2,569,696
Members
45,483
Latest member
TedDvb6626

Latest Threads

Top