Re: Complicated Fallback ASP.NET Security

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 01/16/04 

Date: Thu, 15 Jan 2004 23:14:59 -0600

I'm pretty sure you would need to authenticate the ADAM users via LDAP and
some kind of Forms authentication as they aren't Windows users and can't be
authenticated via the normal SSPI stuff. You could also authenticate your
Windows users against ADAM using its proxy authentication stuff, but then
you won't have WindowsPrincipals for your web users.

>From there you could get clever and do something like calling LogonUser for
the Windows users to build a real Windows logon token if you needed that,
but there isn't any way to get a token for the ADAM users, so it might be
best to treat them uniformly.

Hopefully that gave you some good ideas and didn't confuse you. I haven't
played with ADAM much yet, so this is all based on my current understanding
and reading a lot of newsgroup posts about it. But I am pretty sure this
info is accurate.

Joe K.

"Shawn Wheatley" <swheatley22@yahoo.com> wrote in message
news:50b4861f.0401151415.33062d9f@posting.google.com...
> I have been working on an ASP.NET app at work for quite some time now.
> We've been using Windows authentication up until now, but I've come
> across a problem. Ideally, users on our local intranet would be
> authenticated via Windows authentication. Users outside of our
> intranet would still authenticate, but via a seperate AD/AM instance
> (to keep from adding non-intranet users to our main AD server).
>
> Is something like this possible? Every article I've read relating to
> AD used in an ASP.NET app involves using Forms authentication. I
> would prefer that intranet users not have to login once again to this
> app after logging into their workstations.
>
> Thanks for any help,
> Shawn Wheatley

Relevant Pages

  • Re: URGENT - Very Puzzled - IIS Authentication
    ... Juan T. Llibre, asp.net MVP ... instruct your users to go to http://sguk-web1 to enter the intranet. ... I have just deployed our shiny new ASP.NET 2 Intranet app and want to use Integrated windows ... authentication at IIS level with "windows" authentication in web.config. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Complicated Fallback ASP.NET Security
    ... I think the main problem is that you really can't do Windows authentication ... Thus ADAM users can't have a WindowsPrincipal object. ... From there you could build out an IPrincipal object. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.windows.server.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.inetserver.iis.security)
  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)