Re: Combined Authentication Schemes
From: Chris Blanco (cblancoNOSPAM@necam.com)
Date: 03/24/03
- Next message: Chris Blanco: "Managed to Unmanaged security."
- Previous message: Joe Reazor: "Re: Forms Authentication Name property"
- In reply to: Todd Gray: "Combined Authentication Schemes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Chris Blanco" <cblancoNOSPAM@necam.com> Date: Mon, 24 Mar 2003 15:06:31 -0500
This is a good article about building a custom security Principle. We are
working on something very similar
http://msdn.microsoft.com/msdnmag/issues/02/05/RoleSec/default.aspx
"Todd Gray" <todd@gstech.com> wrote in message
news:3beb01c2f225$f49e4500$3001280a@phx.gbl...
> I have a website that is accessed both by external users
> and internal users. The external users are authenticated
> by a different set of content, and their credentials are
> passed to my site via HTTP headers. Internal users are
> authenticated via Win2K/AD. In the ASP.old version of the
> site, both Anonymous and Windows authentication are
> checked in IIS for the site. On each page, code is
> executed to see if the external HTTP headers exist, if
> not, it checks for LOGON_USER and if that isn't found it
> sets the Response.Status to "401 Access Denied" which
> seems to challenge for the Win2K credentials.
>
> My problem is that this has to be done on every page. I
> would like to use Forms Authentication to make sure this
> only happens in one place. I'm hoping for something like:
>
> if(externalhttpexists)
> use external access credentials
> else
> if(logon_user is set)
> use logon_user credentials
> else
> display login.aspx form to enter credentials
>
> My hope is that those using IE internally and who have
> allowed their userid and password to be sent to Intranet
> sites will not be prompted for their userid and password,
> but those who have blocked it or are using Netscape will
> get my Login form instead of the standard challenge popup.
>
> Am I dreaming? Is this possible?
>
> Thanks,
> Todd Gray
- Next message: Chris Blanco: "Managed to Unmanaged security."
- Previous message: Joe Reazor: "Re: Forms Authentication Name property"
- In reply to: Todd Gray: "Combined Authentication Schemes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
