Re: Using both Forms and Windows Security...

From: Bassel Tabbara [MSFT] (basselt@online.microsoft.com)
Date: 01/14/03


From: basselt@online.microsoft.com (Bassel Tabbara [MSFT])
Date: Tue, 14 Jan 2003 17:00:35 GMT


Hello Michael,
Since you configured the web application to use form authentication, the
windows credentials are not passed and
User.Identity.Name returns null as expected. If you are using form
authentication, you will write code that will identify
the user since it is more a customized authentication that you are doing.

Please let me know if you have further questions?

Thanks,
Bassel Tabbara
Microsoft, ASP.NET

This posting is provided "AS IS", with no warranties, and confers no rights.

--------------------
| From: "Michael Jones" <Michael.Jones\remove.this@binadyne.de>
| References: <#oRTsG9tCHA.2040@TK2MSFTNGP11>
<8q4O3OOuCHA.2704@cpmsftngxa09>
| Subject: Re: Using both Forms and Windows Security...
| Date: Tue, 14 Jan 2003 17:18:11 +0100
| Lines: 174
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| Message-ID: <OAwd$h#uCHA.1624@TK2MSFTNGP11>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: 195.63.72.75
| Path: cpmsftngxa09!TK2MSFTNGP08!TK2MSFTNGP11
| Xref: cpmsftngxa09 microsoft.public.dotnet.framework.aspnet.security:3631
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Hallo Bassel,
|
| Thanks for your very comprehensive answer!
|
| Basically it is working fine - Yet I have still got one "little"
problem....
|
| I have created a page "Admin/Logon.aspx" which is set to "Windows
| Integrated" in die IIS.
|
| All fine so far... BUT - In the Logon.aspx.cs Page_Load method the
| User.Identity.Name is always empty (and the Mode is set to forms) So I can
| not identify the user...
|
| Any suggestions to this?
|
|
| Regards and Thanks!
|
| Michael
|
|
| "Bassel Tabbara [MSFT]" <basselt@online.microsoft.com> wrote in message
| news:8q4O3OOuCHA.2704@cpmsftngxa09...
| > Hello Michael,
| > Your scenario can be accomplished by configuring your web application
| > appropriately.
| > This can be done by using the location configuration section which can
| > specify which part
| > of the application allow users access to certain part of the
application.
| > This can be better
| > explained using an example.
| >
| > Lets say that you have the following application:
| > WebApp1
| > |
| > ------ default.aspx
| > |
| > ----- page1.aspx
| > |
| > ----- page2.aspx.
| >
| > Part a) and part b) of your requirements can be accomplished using form
| > authentication.
| > In this sample default.aspx is accessed by all internet users which
| > satisfies requirement a).
| > Page1.aspx and page2.aspx are accessed by the internet user after being
| > authenticated by
| > form authentication.
| >
| > To achieve this scenario the following configuration must be included in
| > the web.config:
| > <forms loginUrl="login.aspx" >
| > </forms>
| > </authentication>
| > <authorization>
| > <deny users="?"/>
| > </authorization>
| > <!-- Allow all users to access default.aspx -->
| > <location path="default.aspx">
| > <system.web>
| > <authorization>
| > <allow users="*"/>
| > </authorization>
| > </system.web>
| > </location>
| >
| > In your login page make sure to redirect him to the original page after
| > custom authenticating the user by using
| > "System.Web.Security.FormsAuthentication.RedirectFromLoginPage".
| >
| > In a web application you can't mix form and windows authentication at
the
| > same time. But
| > what you can do is to implement a scenario that requires a twist. What
you
| > can do is to have
| > an extra button on the log on page. This button will redirect the user
to
| a
| > windows authenticated
| > page. This page is configured just for windows authentication. If the
| user
| > is windows authenticated,
| > there is no username/password dialog box that will be shown. Otherwise
it
| > will require that he
| > enters username and password. From this page, you can direct the
internal
| > user back to the login
| > page to create the authentication cookie.
| >
| > In the login page, a session variable is used to track if this is the
| first
| > time the user has visited the forms authentication logon page. Like
this:
| > If Session("BeenHere") = "a" Then
| > 'If session("NTLM") = "OK" then pass them on through with no
| > interaction
| > 'Otherwise, present some logon function here
| > Else
| > Session("BeenHere") = "a"
| > 'use response.redirect to the NTLM page
| > End If
| >
| > Also, a label will display and a button like this:
| > If you get prompted for your user name,
| > cancel the dialog and click here: <button>
| >
| > The button will submit them back to the same page. This time the session
| > variable will exist and we will display some form of logon screen.
| >
| > If they do get to the page that requires NTLM, it will perform:
| > session("NTLM") = "OK"
| > It will also include a response.redirect back to the logon page.
| >
| >
| > Thanks,
| > Bassel Tabbara
| > Microsoft, ASP.NET
| >
| > This posting is provided "AS IS", with no warranties, and confers no
| rights.
| >
| > --------------------
| > | From: "Michael Jones" <Michael.Jones\remove.this@binadyne.de>
| > | Subject: Using both Forms and Windows Security...
| > | Date: Thu, 9 Jan 2003 12:24:41 +0100
| > | Lines: 24
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| > | Message-ID: <#oRTsG9tCHA.2040@TK2MSFTNGP11>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| > | NNTP-Posting-Host: 195.63.72.75
| > | Path: cpmsftngxa09!TK2MSFTNGP08!TK2MSFTNGP11
| > | Xref: cpmsftngxa09
| microsoft.public.dotnet.framework.aspnet.security:3580
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
| > |
| > | Hello,
| > |
| > | I'm just wondering....
| > |
| > | Is it possible to create a site that allows for the following schemes
at
| > the
| > | same time?
| > |
| > | a) an Internet user enters the site and views the only content that
| is
| > | for the public....
| > | b) an Internet user enters the site and logs onto the site (via
| forms)
| > | and can now view additional content
| > |
| > | and finally
| > |
| > | c) an Intranet user enters the site and is automatically logged on
| and
| > | can view then content he is authorized for
| > |
| > |
| > | Any Ideas?
| > |
| > | Regards,
| > | Michael
| > |
| > |
| > |
| >

|



Relevant Pages

  • Re: IIS 6.0 Windows Integrated Authentication Problem - 401.2 Error
    ... but may cause issues for you if you need the double hop authentication. ... > anonymous access and enable only Windows Integrated Authentication. ... > denied due to server configuration.). ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.windows.server.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.inetserver.iis.security)
  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: form authentication and webservices
    ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... We will be using Windows Authentication on the Web Services side (same ... Dominick Baier ...
    (microsoft.public.dotnet.framework.aspnet.security)