Override Windows auth using global.asax?



Here's my environment
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727

IIS website uses MOSS 2007 "Team Site" template and has only IWA
enabled. Web.config has Windows auth w/ Impersonation:
<authentication mode="Windows" />
<identity impersonate="true" />

IE HTTP headers shows that NTLM authentication occurs for workstation
user. In global.asax, I've defined
WindowsAuthentication_OnAuthenticate() and can see incoming the
Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType =
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>

I'm using the KerbS4U extension to create a new WindowsIdentity which
is then used to create a WindowsPrincipal for the new/overriding user:
WindowsIdentity winid = new WindowsIdentity("(e-mail address removed)");
WindowsPrincipal princ = new WindowsPrincipal(winid);

These succeed and I set the new principal to HttpContext.Current.User
& Thread.CurrentPrincipal without errors. I've defined both
Application_AuthenticateRequest() and
Application_PostAuthenticateRequest() functions in global.asax. These
show the "new" Identity in the HttpContext.Current.User &
Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the
upper-right menu of the default.aspx homepage itself still shows the
name from the initial IWA!

Does anyone have any ideas about where this is breaking down?


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Latest member

Latest Threads