RE: Intranet Windows Auth and Forms

From: Bassel Tabbara [MSFT] (basselt_at_online.microsoft.com)
Date: 04/26/03

    Date: Sat, 26 Apr 2003 14:55:52 GMT
    
    

    Hello Dave
    Basically you will have a page which is configured just for Windows
    authentication.
    From this page, you can direct the internal user back to the login page to
    create the authentication cookie.

    In the login page, you use a session variable to track if this is the first
    time the user has visited the forms authentication logon page. This will
    indicate that the user has already been on this page but had been
    redirected to the authentication page. On the return from the Windows
    authentication page, the session will flag if the user has visited the page.
          If Session("BeenHere") = "a" Then
             'If Session("NTLM") = "OK" then pass them on through with no interaction
             'Otherwise, present some logon function here
          Else
             Session("BeenHere") = "a"
             'use Response.Redirect to the NTLM page
          End If

    Also, a label will display and a button like this:
             If you get prompted for your user name,
             cancel the dialog and click here: <button>

    The button will submit them back to the same page. This time the session
    variable will exist and we will display some form of logon screen.

    The only purpose of the Windows authentication page will be to
    authenticate intranet users. This can be done by using the location
    configuration section, which can specify which users are allowed access
    to certain parts of the application.
    This can be better explained using an example.

    Let's say that you have the following application:
    WebApp1
          |
          ------ default.aspx
          |
          ----- page1.aspx
          |
          ----- page2.aspx.

    Part a) and part b) of your requirements can be accomplished using forms
    authentication.
    In this sample, default.aspx is accessed by all internet users, which
    satisfies requirement a).
    Page1.aspx and page2.aspx are accessed by the internet user after being
    authenticated by forms authentication.

    To achieve this scenario the following configuration must be included in
    the web.config:
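    <configuration>
      <system.web>
        <authentication mode="Forms">
          <forms loginUrl="login.aspx">
          </forms>
        </authentication>
        <!-- Deny anonymous users everywhere by default -->
        <authorization>
          <deny users="?"/>
        </authorization>
      </system.web>
      <!-- Allow all users to access default.aspx -->
      <location path="default.aspx">
        <system.web>
          <authorization>
            <allow users="*"/>
          </authorization>
        </system.web>
      </location>
    </configuration>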

    In your login page make sure to redirect him to the original page after
    custom authenticating the user by using
    "System.Web.Security.FormsAuthentication.RedirectFromLoginPage".

    I hope this makes sense. Please let me know if you have questions regarding
    this solution.

    Thanks,
    Bassel Tabbara
    Microsoft, ASP.NET

    This posting is provided "AS IS", with no warranties, and confers no rights.

    --------------------
    | From: "dave" <dy@onlinelg.com>
    | Subject: Intranet Windows Auth and Forms
    | Date: Fri, 25 Apr 2003 07:15:19 -0700
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    |
    | I am in an intranet setting on Windows, however we also
    | have many international offices that are not on windows.
    | They will be hitting the intranet.
    | What I would like to accomplish is to be able to pick up
    | the nt usernames for those individuals that are on
    | windows and for everyone else require them to register on
    | the site for username and password.
    | Does anyone know or have sample code on how this can be
    | accomplished?
    | (via asp.net vb)
    | thx
    | dave
    |
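
The login flow described in the reply above, written out as an added example; it is not code from the original post or from Microsoft. The page name NtlmCheck.aspx, the class names and the Session("NTUser") key are assumptions, as are the IIS and web.config settings listed in the opening comment.

```vbnet
' Added example. Assumptions: IIS has anonymous access disabled on
' NtlmCheck.aspx only (Integrated Windows authentication enabled), and
' web.config has a <location path="NtlmCheck.aspx"> entry allowing all users
' so that forms authentication does not intercept the request.
Imports System
Imports System.Web.Security
Imports System.Web.UI

' Code-behind for NtlmCheck.aspx: records the identity IIS authenticated.
Public Class NtlmCheck
    Inherits Page

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        ' LOGON_USER is filled in by IIS after Integrated Windows
        ' authentication; it is empty when the request was anonymous.
        Dim ntUser As String = Request.ServerVariables("LOGON_USER")
        If Not ntUser Is Nothing AndAlso ntUser.Length > 0 Then
            ' Set only here, on the server, never from form or query input.
            Session("NTLM") = "OK"
            Session("NTUser") = ntUser
        End If
        Response.Redirect("login.aspx")
    End Sub
End Class

' Code-behind for login.aspx: the first visit bounces to the NTLM page.
Public Class Login
    Inherits Page

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        If CStr(Session("BeenHere")) = "a" Then
            If CStr(Session("NTLM")) = "OK" Then
                ' Windows user: issue the forms cookie with no interaction.
                ' The ReturnUrl query string was dropped by the round trip,
                ' so this lands on default.aspx.
                FormsAuthentication.RedirectFromLoginPage(CStr(Session("NTUser")), False)
            End If
            ' Otherwise fall through and let login.aspx render its logon form.
        Else
            Session("BeenHere") = "a"
            Response.Redirect("NtlmCheck.aspx")
        End If
    End Sub
End Class
```

The forms cookie is issued on the strength of Session("NTLM") alone, so that value must only ever be written by the Windows-authenticated page; if anonymous access is left enabled on that page, LOGON_USER stays empty and every user falls through to the logon form.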

