Seriously: Allowing anonymous and authenticated and anonymous access (somehow related to ASP.NET)

From: Ed Maillet (emaillet@_nospam_.unum.com)
Date: 07/19/02 

From: "Ed Maillet" <emaillet@_nospam_.unum.com>
Date: Fri, 19 Jul 2002 14:46:11 -0700

The answer is write an ISAPI filter. When used in
conjunction with IIS setting of Windows Integrated, it'll
do exactly what you want.

Anonymous users get to anonymous content.
Intranet users access items seemlessly.
Non-intranet users get redirected to a login page.

In order to assign permissions using NTFS, non-intranet
users must have a Windows/AD account for them to login to.

The details of a filter are a bit much to handle here but
here look at the CHttpFilter methods for:
OnPreProcessHeaders
OnAuthenticate (this method gets bypassed for intranet
users automatically)
OnSendResponse (trap the 401 and redirect to login)

>-----Original Message-----
>Hi experts,
>
>first of all excuse the cross post, but I hope and feel
to get help from
>all these groups.
>
>I have been thinking about this problem for quite a long
time now ...
>but I seem to go around in circles.
>The following scenario is given:
>my application (portal-like) allows access to all
(anonymous) users by
>default. But then there are some pages that require
explicit authentication.
>It must be possible to use Windows Integrated
Authentication in IIS to
>enable Intranet users a seamless workflow (without having
to login to
>the Web app through a seperate page). When the user is
not an Intranet
>user then I have to 'redirect' him to a login page
(ASP.NET forms
>based-like). Everything on a single code base, no
seperate Web or things
>like that.
>
>How do I do this?
>I have been trying out about 3469 settings in IIS and
ASP.NET web.config
>.... and must say that I am _not_ an absolute beginner ;-
) But I cannot
>figure out the right way to go.
>One problem I see is that when both Anonymous and Windows
Integrated are
>enabled in IIS, then _always_ Anonymous i used!? Ah, of
course I am
>using 'Windows' in web.config's authentication section :-)
>I also played around with the 'send a 401 back'. This
works, then I get
>NTLM authentication forced. But I then need a step to
determine that it
>is _not_ a Windows user and redirect him to the login
page (therefore
>anonymous -> authenticated -> anonymous).
>
>I hope my problem gets clear.
>
>Thanks a lot and cheers,
>Christian
>---
>http://www.xmlwebservices/
>
>.
>

Relevant Pages

  • Re: Can login domain be set to a default?
    ... need for specifying a login domain. ... accounts of the IIS box (and the login process needs a way to ... cannot specify a default domain for Windows integrated authentication ... > The internal domain for the three servers is different than the web site ...
    (microsoft.public.windows.server.security)
  • Re: Windows Authentication method on IIS6
    ... The microsoft.public.windows.server.* groups deal with Windows 2003 ... The microsoft.public.inetserver.* groups deal with IIS ... > the authentication button, ... You can configure either one or multiple realm names on a server running IIS ...
    (microsoft.public.win2000.security)
  • Re: How to access Windows IIS User Info with Perl
    ... but the IIS server is configured for Windows ... allowed for Basic Authentication, Windows Authentication (or whatever ... Do you know if they are part of a standard ...
    (comp.lang.perl.misc)
  • Windows Authentication with IIS on separate machines
    ... Yes, setting Basic Authentication in IIS works, but the ... >in SQL server but doesn't work if user account was ... >imported from a Windows account. ...
    (microsoft.public.sqlserver.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... IIS Resource Guide). ... I next looked a little into Windows 2003. ... IMHO, the label on the option, "Enable Integrated Windows Authentication", ... the documentation leads one to ...
    (microsoft.public.inetserver.iis.security)