Re: Authenticate user and allow anonymous access

From: Joseph E Shook (JoeShook@DeploymentCentric.com)
Date: 03/16/03 

From: "Joseph E Shook" <JoeShook@DeploymentCentric.com>
Date: Sat, 15 Mar 2003 18:32:32 -0800

No, you didn't miss anything. I figure there isn't any way to allow both
anonymous and authenticated users in without using two virtual directories
so the only users that would ever have to enter credentials would be the
anonymous. But all anonymous users would use the same credentials so they
are sill anonymous in that we don't know who they are. You are definetly
correct in that my solution would require anonymous users to enter some kind
of credentials.

You know I was thinking that maybe a custom http handler or some code in
global.asax could be written to inform failed authentication attempts of the
anonymous password. You know like when the server sends the browser a 401
error.

Kind of like the response code bellow:

Response.StatusCode = 401;

Response.StatusDescription = "Unauthorized";

Response.Write("<h2>Anonymous Username = Bob, and Password =
password</h2>");

Going down that path might be interesting. Because at least then an
anonymous user would learn the credentials. I am not sure this would work
but I have had a lot of success with changing the browsers user credentials
this way.

"Joseph Geretz" <jgeretz@nospam.com> wrote in message
news:u0t3H016CHA.1912@TK2MSFTNGP10.phx.gbl...
> Hi Joseph,
>
> > Just turn on Basic Auth and Integrated. Turn off Anonymous and create a
> > generic username and password for users that do not have domain
accounts.
> > This would be a domain account but a restriced domain account with out
> logon
> > local types of permissions.
>
> How will this work? As Stefan said above, some users are coming in without
> credentials and he doesn't want them to be challenged, he'd like them to
> succeed as Anonymous. With what you have suggested, Anonymous users will
be
> challenged for credentials since you have disabled Anonymous.
>
> Or am I missing something?
>
> Thanks,
>
> Joseph Geretz
>
> >
> >
> > "Joseph Geretz" <jgeretz@nospam.com> wrote in message
> > news:#LPyGTJ6CHA.1040@TK2MSFTNGP10.phx.gbl...
> > > Hi Stefan,
> > >
> > > > This will not work, simply because when checking both Windows
> > > > Integrated Authentication and Anonymous Access, IIS will default to
> > > > the lowest and never begin a challenge of the user, causing the
> > > > credentials to never be passed on to the application.
> > >
> > > I thought this might be the case. Oh well...
> > >
> > > > Anyone that has an idea/hack/whatever on how to do this, please let
me
> > > > know.
> > >
> > > Here's a hack: IIS allows you to replace specific error pages with
your
> > own
> > > page. Set up two virtual directories into your site; Anon & Auth. Anon
> > > allows anonymous access, Auth disallows anonymous. By default, users
> come
> > in
> > > on Auth. If they have credentials, they are in. All url's on the site
> > should
> > > be relative, so as they continue to browse they kep coming in through
> the
> > > Auth virtual directory.
> > >
> > > If they do not have credentials, that will fire an IIS error (505 I
> > think?).
> > > Remap your IIS 505 (or whatever) error to a page which simply
redirects
> > > anonymous users to the Anon virtual directory. Again, since all url's
on
> > the
> > > site are relative, as they continue to browse they kep coming in
through
> > the
> > > Anon virtual directory.
> > >
> > > Not bullet-proof. Network users, can explicitly 'jump' over to Anon of
> > they
> > > want. But if user's 'play by the rules' that is they use the links
> > supplied
> > > by the application, rather than using the browser url bar, this might
> work
> > > for you.
> > >
> > > Like I said, it's a hack.
> > >
> > > Hope this helps,
> > >
> > > Joseph Geretz
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Authenticate user and allow anonymous access
    ... This wold ... > Joe Geretz ... credentials to never be passed on to the application. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Implementing Log Off button on the Portal
    ... We have a portal for one of our clients and the clients have ... their users credentials in Active Directory. ... Annonymous Access is disabled for this portal as only authenticated users ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: SPS & WSS Sites Prompting for User/Password
    ... In article, James M. Parker wrote: ... WSS doesn't do well with NT Integrated Security. ... setting the client browser to pass the current credentials. ...
    (microsoft.public.sharepoint.portalserver)
  • Can I use $_SESSION to limit access to directories?
    ... I have a login script that creates a SESSION for authenticated users. ... contain files for download). ... directories with htaccess, but this means an already authenticated user must ... there is no way to pass credentials to ...
    (comp.lang.php)
  • Re: Vista SSO not working
    ... Same result (asked to login for app), except this time I wasn't even given the option to save the credentials. ... Manage your network passwords in the left panel, ... appear if SSO is working properly and you're using a Domain account. ...
    (microsoft.public.windows.terminal_services)
Quantcast