Re: Authentication Nightmare

From: Terry Horner (hornertl@mentorschools.org)
Date: 09/27/02


From: "Terry Horner" <hornertl@mentorschools.org>
Date: Fri, 27 Sep 2002 08:52:55 -0400


If an ISAPI filter is already in place for that particular directory, how
can I get away with changing the AppMappings to have the necessary files run
under the asp.net filter? I attempted to change the AppMappings and
realized that the ISAPI filter was not functioning correctly after the
change, so I had to change the mappings back.

Also, how do I pass the authenticated credentials I already have to IIS?

"bruce barker" <nospam_brubar@safeco.com> wrote in message
news:Ov3lktXZCHA.2532@tkmsftngp12...
> asp.net security only applies to asp.net pages. if the user references any
> non asp.net file (say foo.htm or foo.txt) IIS security takes over. If you
> want asp.net security for a whole dir, you need to set asp.net which is
> implemented as an iis filter to filter all files. Under site properties look
> at AppMappings.
>
> -- bruce (sqlwork.com)
>
>
> "Terry Horner" <hornertl@mentorschools.org> wrote in message
> news:uGqwGwWZCHA.1560@tkmsftngp10...
> > I've been going round and round with this authentication business to no
> > avail. Here's what I'm trying to do:
> >
> > 1. I have a basic login page in which the user enters their username and
> > password (http://www.mysite.com/login.aspx).
> > 2. The user is authenticated against active directory which works fine
> > (let's use user jdoe).
> > 3. The user is then redirected to a personal directory
> > (http://www.mysite.com/jdoe) which is protected by NTFS security
> > permissions.
> >
> > The place where I'm running into problems is number three. I need for the
> > user to be able to have access to their home directory without having to
> > login again via the NT challenge/response once they have already logged in
> > via login.aspx. I've tried every combination of settings in IIS and none
> > seem to work. Here's the things I've tried:
> >
> > ---------------------------------------------------------------------------
> > 1. Impersonation. I have been successful in impersonating users based on
> > credentials, however I continue to get the challenge/response while I'm
> > impersonating the user and trying to redirect to their personal directory.
> > I successfully logon by using the advapi32.dll library during this process.
> >
> > Code:
> > IntPtr nptrUserToken1;
> >
> > // 3 = LOGON32_LOGON_NETWORK, 0 = LOGON32_PROVIDER_DEFAULT
> > bool bLoggedOn = LogonUser(this.UserName, this.Domain, this.Password, 3, 0, out nptrUserToken1);
> >
> > int nptrUserToken3 = (int) nptrUserToken1;
> > IntPtr nptrUserToken2 = new IntPtr(nptrUserToken3);
> >
> > WindowsIdentity widCurrentIdentity = WindowsIdentity.GetCurrent();
> > WindowsIdentity widTempIdentity = new WindowsIdentity(nptrUserToken2);
> > WindowsImpersonationContext wicIdentity = widTempIdentity.Impersonate();
> > WindowsIdentity widNewIdentity = WindowsIdentity.GetCurrent();
> >
> > ---------------------------------------------------------------------------
> >
> > 2. NetworkCredentials. I have tried using a WebResponse to scrape a
> > specific page in the directory and emulate the content using index.aspx.
> > Still I get a challenge/response.
> >
> > Code:
> > NetworkCredential netcCredential = new
> > NetworkCredential(this.UserName,this.Password,this.Domain);
> > CredentialCache credcCache = new CredentialCache();
> > Uri uriMail = new Uri("http://www.mysite.com/" + this.UserName + "/");
> > credcCache.Add(uriMail,"Ntlm",netcCredential);
> > WebRequest webRequest = WebRequest.Create(uriMail);
> > webRequest.Credentials = credcCache;
> > webRequest.PreAuthenticate = true;
> >
> > // Screen scrape code goes here
> >
> > ---------------------------------------------------------------------------
> >
> > 3. GenericPrincipal. I've set the HttpContext.Current.User to the
> > impersonated windows user after authentication and still receive the
> > challenge/response.
> >
> > Code:
> > GenericIdentity gpIdentity = new
> > GenericIdentity(widNewIdentity.Name,"Ntlm");
> >
> > String[] userRoles = {"clientuser"};
> > HttpContext.Current.User = new GenericPrincipal(gpIdentity,userRoles);
> >
> > ---------------------------------------------------------------------------
> >
> > The code above is pretty much verbatim from various sites and newsgroups.
> > What am I missing? Can I add authentication to the response headers for
> > each individual page? Do I need to?
> >
> > I'll give my first born to someone that can help me find the answer!
> > Thanks!
> >
> > Terry
> >
> >
>
>
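
Following bruce's point that ASP.NET security only covers requests mapped to ASP.NET, one way to restrict each per-user directory to its owner is an authorization check in Global.asax. This is an added example, not code from either poster. It assumes forms authentication with login.aspx, directory names equal to account names, and a current ASP.NET runtime; UserDirectoryGuard, IsOwnerPath and PublicPaths are hypothetical names.

```csharp
using System;
using System.Web;

// Added example; UserDirectoryGuard, IsOwnerPath and PublicPaths are hypothetical names.
public static class UserDirectoryGuard
{
    // True when an app-relative path such as "~/jdoe/notes.txt" lies inside
    // the top-level directory named after the authenticated account.
    public static bool IsOwnerPath(string appRelativePath, string userName)
    {
        if (string.IsNullOrEmpty(appRelativePath) || string.IsNullOrEmpty(userName))
            return false;

        // Identity names may arrive as DOMAIN\jdoe; compare the account part only.
        int slash = userName.LastIndexOf('\\');
        string account = slash >= 0 ? userName.Substring(slash + 1) : userName;

        string[] parts = appRelativePath.TrimStart('~')
            .Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        return parts.Length > 0 &&
               string.Equals(parts[0], account, StringComparison.OrdinalIgnoreCase);
    }
}

public class Global : HttpApplication
{
    // Assumption: login.aspx is the only page reachable without a session.
    static readonly string[] PublicPaths = { "~/login.aspx" };

    // Runs only for requests that IIS hands to ASP.NET (see AppMappings).
    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;
        if (Array.Exists(PublicPaths, p =>
                string.Equals(p, path, StringComparison.OrdinalIgnoreCase)))
            return;

        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
        {
            ctx.Response.StatusCode = 401;   // forms authentication turns this into a login redirect
            ctx.ApplicationInstance.CompleteRequest();
        }
        else if (!UserDirectoryGuard.IsOwnerPath(path, ctx.User.Identity.Name))
        {
            ctx.Response.StatusCode = 403;   // signed in, but not the owner of this directory
            ctx.ApplicationInstance.CompleteRequest();
        }
    }
}
```

Files whose extensions are not mapped to ASP.NET never reach this handler and remain under IIS and NTFS security alone.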


