Re: Using both Forms and Windows Security...

From: Michael Jones (Michael.Jones\remove.this@binadyne.de)
Date: 01/14/03 

From: "Michael Jones" <Michael.Jones\remove.this@binadyne.de>
Date: Tue, 14 Jan 2003 20:25:43 +0100

Hello Bassel,

Thanks for the answer.... Even if I must say that I am not that happy with
it....

Is there some possiblity to sidestep this? I was intending to use (existing)
ActiveDirectory content for the "local" users and that would be best
controlled using "Windows" authentication.

I personlly think that enabling "Windows" authentication in the location
node would be a nice feature on behalf of ASP.NET.

<location path="Admin/Logon.aspx">
    <system.web>
        <authentication mode="Windows">
        </authentication>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

Don't you have any idea?

Regards,
Michael

"Bassel Tabbara [MSFT]" <basselt@online.microsoft.com> wrote in message
news:RLhjw5#uCHA.1620@cpmsftngxa09...
> Hello Michael,
> Since you configured the web application to use form authentication, the
> windows credentials are not passed and
> User.Identity.Name returns null as expected. If you are using form
> authentication, you will write code that will identify
> the user since it is more a customized authentication that you are doing.
>
> Please let me know if you have further questions?
>
>
> Thanks,
> Bassel Tabbara
> Microsoft, ASP.NET
>
> This posting is provided "AS IS", with no warranties, and confers no
rights.
>
> --------------------
> | From: "Michael Jones" <Michael.Jones\remove.this@binadyne.de>
> | References: <#oRTsG9tCHA.2040@TK2MSFTNGP11>
> <8q4O3OOuCHA.2704@cpmsftngxa09>
> | Subject: Re: Using both Forms and Windows Security...
> | Date: Tue, 14 Jan 2003 17:18:11 +0100
> | Lines: 174
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> | Message-ID: <OAwd$h#uCHA.1624@TK2MSFTNGP11>
> | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> | NNTP-Posting-Host: 195.63.72.75
> | Path: cpmsftngxa09!TK2MSFTNGP08!TK2MSFTNGP11
> | Xref: cpmsftngxa09
microsoft.public.dotnet.framework.aspnet.security:3631
> | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
> |
> | Hallo Bassel,
> |
> | Thanks for your very comprehensive answer!
> |
> | Basically it is working fine - Yet I have still got one "little"
> problem....
> |
> | I have created a page "Admin/Logon.aspx" which is set to "Windows
> | Integrated" in die IIS.
> |
> | All fine so far... BUT - In the Logon.aspx.cs Page_Load method the
> | User.Identity.Name is always empty (and the Mode is set to forms) So I
can
> | not identify the user...
> |
> | Any suggestions to this?
> |
> |
> | Regards and Thanks!
> |
> | Michael
> |
> |
> | "Bassel Tabbara [MSFT]" <basselt@online.microsoft.com> wrote in message
> | news:8q4O3OOuCHA.2704@cpmsftngxa09...
> | > Hello Michael,
> | > Your scenario can be accomplished by configuring your web application
> | > appropriately.
> | > This can be done by using the location configuration section which can
> | > specify which part
> | > of the application allow users access to certain part of the
> application.
> | > This can be better
> | > explained using an example.
> | >
> | > Lets say that you have the following application:
> | > WebApp1
> | > |
> | > ------ default.aspx
> | > |
> | > ----- page1.aspx
> | > |
> | > ----- page2.aspx.
> | >
> | > Part a) and part b) of your requirements can be accomplished using
form
> | > authentication.
> | > In this sample default.aspx is accessed by all internet users which
> | > satisfies requirement a).
> | > Page1.aspx and page2.aspx are accessed by the internet user after
being
> | > authenticated by
> | > form authentication.
> | >
> | > To achieve this scenario the following configuration must be included
in
> | > the web.config:
> | > <forms loginUrl="login.aspx" >
> | > </forms>
> | > </authentication>
> | > <authorization>
> | > <deny users="?"/>
> | > </authorization>
> | > <!-- Allow all users to access default.aspx -->
> | > <location path="default.aspx">
> | > <system.web>
> | > <authorization>
> | > <allow users="*"/>
> | > </authorization>
> | > </system.web>
> | > </location>
> | >
> | > In your login page make sure to redirect him to the original page
after
> | > custom authenticating the user by using
> | > "System.Web.Security.FormsAuthentication.RedirectFromLoginPage".
> | >
> | > In a web application you can't mix form and windows authentication at
> the
> | > same time. But
> | > what you can do is to implement a scenario that requires a twist. What
> you
> | > can do is to have
> | > an extra button on the log on page. This button will redirect the user
> to
> | a
> | > windows authenticated
> | > page. This page is configured just for windows authentication. If the
> | user
> | > is windows authenticated,
> | > there is no username/password dialog box that will be shown. Otherwise
> it
> | > will require that he
> | > enters username and password. From this page, you can direct the
> internal
> | > user back to the login
> | > page to create the authentication cookie.
> | >
> | > In the login page, a session variable is used to track if this is the
> | first
> | > time the user has visited the forms authentication logon page. Like
> this:
> | > If Session("BeenHere") = "a" Then
> | > 'If session("NTLM") = "OK" then pass them on through with no
> | > interaction
> | > 'Otherwise, present some logon function here
> | > Else
> | > Session("BeenHere") = "a"
> | > 'use response.redirect to the NTLM page
> | > End If
> | >
> | > Also, a label will display and a button like this:
> | > If you get prompted for your user name,
> | > cancel the dialog and click here: <button>
> | >
> | > The button will submit them back to the same page. This time the
session
> | > variable will exist and we will display some form of logon screen.
> | >
> | > If they do get to the page that requires NTLM, it will perform:
> | > session("NTLM") = "OK"
> | > It will also include a response.redirect back to the logon page.
> | >
> | >
> | > Thanks,
> | > Bassel Tabbara
> | > Microsoft, ASP.NET
> | >
> | > This posting is provided "AS IS", with no warranties, and confers no
> | rights.
> | >
> | > --------------------
> | > | From: "Michael Jones" <Michael.Jones\remove.this@binadyne.de>
> | > | Subject: Using both Forms and Windows Security...
> | > | Date: Thu, 9 Jan 2003 12:24:41 +0100
> | > | Lines: 24
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> | > | Message-ID: <#oRTsG9tCHA.2040@TK2MSFTNGP11>
> | > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> | > | NNTP-Posting-Host: 195.63.72.75
> | > | Path: cpmsftngxa09!TK2MSFTNGP08!TK2MSFTNGP11
> | > | Xref: cpmsftngxa09
> | microsoft.public.dotnet.framework.aspnet.security:3580
> | > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
> | > |
> | > | Hello,
> | > |
> | > | I'm just wondering....
> | > |
> | > | Is it possible to create a site that allows for the following
schemes
> at
> | > the
> | > | same time?
> | > |
> | > | a) an Internet user enters the site and views the only content
that
> | is
> | > | for the public....
> | > | b) an Internet user enters the site and logs onto the site (via
> | forms)
> | > | and can now view additional content
> | > |
> | > | and finally
> | > |
> | > | c) an Intranet user enters the site and is automatically logged
on
> | and
> | > | can view then content he is authorized for
> | > |
> | > |
> | > | Any Ideas?
> | > |
> | > | Regards,
> | > | Michael
> | > |
> | > |
> | > |
> | >
>
> |
>
>