Re: Authenticate user and allow anonymous access
From: Nilssons (nilssons@yahoo.com)
Date: 03/08/03
- Next message: Max Metral: "Impersonating additional threads in IIS"
- Previous message: John Saunders: "Re: How to provide Log Off for a Web Application?"
- In reply to: Joseph Geretz: "Re: Authenticate user and allow anonymous access"
- Next in thread: Joseph Geretz: "Re: Authenticate user and allow anonymous access"
- Reply: Joseph Geretz: "Re: Authenticate user and allow anonymous access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: nilssons@yahoo.com (Nilssons) Date: 7 Mar 2003 23:41:11 -0800
"Joseph Geretz" <jgeretz@nospam.com> wrote in message
> Hi Stefan,
>
> I use two directory mappings into the same site folder. One mapping allows
> anonymous access, this is the URL that users hit when they first browse onto
> the site. For login, I simply redirect the browser to the directory which
> requires authentication. The first hit on any page via this directory pops
> up the IE login dialog.
>
> Check out the thread 'How can I log off a Basic Authenticated browser user?'
> for more details.
>
> Hope this helps,
>
> - Joe Geretz -
Hi Joe,
Thanks for your input, although this is just a different approach to a
previous post. I think that maybe a clarification of what I am trying
to achieve might be in order at this point, so here we go:
Setup:
- The application will live on an intranet, being a part of a domain.
- Almost every user that will hit the application will be a user in
this domain as well, so technically grabbing their identity should not
be a problem.
- However, some users will not be a part of the domain, and the
application should treat them as anonymous users, WITHOUT presenting
them with a challenge response / basic authentication login box when
hitting the application.
So my problem is this. When a user hits the application, I would like
to be able to grab their logon identity (DOMAIN\User), I do not need
to actually authenticate them, just grab them. I can do this easily by
turning on Windows authentication in IIS/web.config. However, if I do
this, the users that are not part of the domain will be presented with
a login box, whereas I would like them to be able to use the
application as anonymous users.
Now, these constraints may seem strange and fundamentally go against
basic security thinking, but they are the nonetheless parameters that
I have to work with.
Ideas anyone?
Best,
Stefan Nilsson
- Next message: Max Metral: "Impersonating additional threads in IIS"
- Previous message: John Saunders: "Re: How to provide Log Off for a Web Application?"
- In reply to: Joseph Geretz: "Re: Authenticate user and allow anonymous access"
- Next in thread: Joseph Geretz: "Re: Authenticate user and allow anonymous access"
- Reply: Joseph Geretz: "Re: Authenticate user and allow anonymous access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
