Override Windows auth using global.asax?

Jun 28, 2010
Reaction score
Here's my environment
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727

IIS website uses MOSS 2007 "Team Site" template and has only IWA enabled. Web.config has Windows auth w/ Impersonation:
   <authentication mode="Windows" />
   <identity impersonate="true" />

IE HTTP headers shows that NTLM authentication occurs for workstation user. In global.asax, I've defined WindowsAuthentication_OnAuthenticate() and can see incoming the Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType = Negotiate
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>

I'm using the KerbS4U extension to create a new WindowsIdentity which is then used to create a WindowsPrincipal for the new/overriding user:
   WindowsIdentity winid = new WindowsIdentity("[email protected]");
   WindowsPrincipal princ = new WindowsPrincipal(winid);

These succeed and I set the new principal to HttpContext.Current.User & Thread.CurrentPrincipal without errors. I've defined both Application_AuthenticateRequest() and Application_PostAuthenticateRequest() functions in global.asax. These show the "new" Identity in the HttpContext.Current.User & Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the upper-right menu of the default.aspx homepage itself still shows the name from the initial IWA!

Does anyone have any ideas about where this is breaking down?



Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question