From: Dan Nash (
Date: 09/09/04

Date: Thu, 9 Sep 2004 01:09:01 -0700

Hi guys,

Couple of general questions for you. Background is I'm about to start
writing version 2 of a client's intranet system in .NET (originally ASP).
Just wanted to ask...

First of all, I'm looking at using forms authentification with a database.
So am I right in thinking that I need to put something in Web.Config to tell
the app to go and validate from a seperate file (one that loads the db and
checks password against a table of passwords), instead of using
<credentials>? If so, how would I go about this?

Secondly, what we *really* want to do is get rid of the login altogether.
Each users logs into Win2k3 server, so can I just pull what they are logged
into the computer as for the authentication on the intranet? They are not
using AD, so is this possible, and how would I go about that?

And lastly, if that is possible, what are they chances of running an ASP
page to actually force them to change their Windows password?

Any help on these would be useful - trying to come up with a project plan
for the rewrite :o)

Thanks in advance