Override Windows auth using global.asax?

G

gbrowins

Here's my environment
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727

IIS website uses MOSS 2007 "Team Site" template and has only IWA
enabled. Web.config has Windows auth w/ Impersonation:
<authentication mode="Windows" />
<identity impersonate="true" />

IE HTTP headers shows that NTLM authentication occurs for workstation
user. In global.asax, I've defined
WindowsAuthentication_OnAuthenticate() and can see incoming the
Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType =
Negotiate
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>

I'm using the KerbS4U extension to create a new WindowsIdentity which
is then used to create a WindowsPrincipal for the new/overriding user:
WindowsIdentity winid = new WindowsIdentity("(e-mail address removed)");
WindowsPrincipal princ = new WindowsPrincipal(winid);

These succeed and I set the new principal to HttpContext.Current.User
& Thread.CurrentPrincipal without errors. I've defined both
Application_AuthenticateRequest() and
Application_PostAuthenticateRequest() functions in global.asax. These
show the "new" Identity in the HttpContext.Current.User &
Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the
upper-right menu of the default.aspx homepage itself still shows the
name from the initial IWA!

Does anyone have any ideas about where this is breaking down?

-Gregg
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
474,053
Messages
2,570,431
Members
47,075
Latest member
TysonV438

Latest Threads

Top