Combined Authentication Schemes
From: Todd Gray (todd@gstech.com)
Date: 03/24/03
- Previous message: Alex Vincent: "Re: Remote Machine Name"
- Next in thread: Chris Blanco: "Re: Combined Authentication Schemes"
- Reply: Chris Blanco: "Re: Combined Authentication Schemes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Todd Gray" <todd@gstech.com> Date: Mon, 24 Mar 2003 08:53:55 -0800
I have a website that is accessed both by external users
and internal users. The external users are authenticated
by a different set of content, and their credentials are
passed to my site via HTTP headers. Internal users are
authenticated via Win2K/AD. In the ASP.old version of the
site, both Anonymous and Windows authentication are
checked in IIS for the site. On each page, code is
executed to see if the external HTTP headers exist, if
not, it checks for LOGON_USER and if that isn't found it
sets the Response.Status to "401 Access Denied" which
seems to challenge for the Win2K credentials.
My problem is that this has to be done on every page. I
would like to use Forms Authentication to make sure this
only happens in one place. I'm hoping for something like:
if(externalhttpexists)
use external access credentials
else
if(logon_user is set)
use logon_user credentials
else
display login.aspx form to enter credentials
My hope is that those using IE internally and who have
allowed their userid and password to be sent to Intranet
sites will not be prompted for their userid and password,
but those who have blocked it or are using Netscape will
get my Login form instead of the standard challenge popup.
Am I dreaming? Is this possible?
Thanks,
Todd Gray
- Previous message: Alex Vincent: "Re: Remote Machine Name"
- Next in thread: Chris Blanco: "Re: Combined Authentication Schemes"
- Reply: Chris Blanco: "Re: Combined Authentication Schemes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
