Re: ASP.net & Win32 API (LogonUser) question...

From: Rich (bobo456_at_hotmail.com)
Date: 11/02/04

  • Next message: LisaConsult: "RE: Web.config timeout"
    Date: 2 Nov 2004 07:55:04 -0800
    
    

    Hi Scott,

    Thanks for the response. I have tried this as well:
    <authentication mode="Windows"></authentication>
    <identity impersonate="True"/>

    I still only have Windows Auth checked in IIS and I still get
    Challenged eventhough I am using LogonUser to login the user to the
    server.

    Any other ideas?

    When I mentioned using both Windows Auth (IIS) & Forms Auth (Asp.net)
    I was trying to follow this example.
    http://www.dotnetbips.com/displayarticle.aspx?id=201

    However, really my main goal is to login the user without getting the
    windows challenge, but to log them in manually so that they don't have
    to close the browser in order to sign in as a different user. Also I
    still want to retain the Windows Auth to check each file that is
    requested is being used by a valid user/group on the server.

    Thanks again...

    Scott Allen <bitmask@[nospam].fred.net> wrote in message news:<8n0eo05bq1cvnlj7edsreaqtp4tr7pe0aa@4ax.com>...
    > Hi Rich:
    >
    > I'm a little confused. You want to use Windows authentication but you
    > have the web.config setup for Forms authentication? Forms auth will
    > always force the browser to prompt the user to login. This setting in
    > web.config will trump the IIS setting.
    >
    > I think you want to change the web.config to Windows authentication
    > only and deny anonymous access. Once you do this there is no need to
    > use LogonUser, you can have the impersonate="True" in the web config
    > and the request will access local resources using the client's
    > identity. If the client is not in a group allowed to see a particular
    > file the server will deny authorization.
    >
    > Tracking the user's session is a different issue and independent of
    > how the app authenticates and authorizes the user. You can still have
    > session state without forms authentication.
    >
    > Making sense?
    >
    > --
    > Scott
    > http://www.OdeToCode.com/blogs/scott/
    >


  • Next message: LisaConsult: "RE: Web.config timeout"

    Relevant Pages

    • Re: Windows Authentication method on IIS6
      ... The microsoft.public.windows.server.* groups deal with Windows 2003 ... The microsoft.public.inetserver.* groups deal with IIS ... > the authentication button, ... You can configure either one or multiple realm names on a server running IIS ...
      (microsoft.public.win2000.security)
    • Re: How to access Windows IIS User Info with Perl
      ... but the IIS server is configured for Windows ... allowed for Basic Authentication, Windows Authentication (or whatever ... Do you know if they are part of a standard ...
      (comp.lang.perl.misc)
    • Windows Authentication with IIS on separate machines
      ... Yes, setting Basic Authentication in IIS works, but the ... >in SQL server but doesn't work if user account was ... >imported from a Windows account. ...
      (microsoft.public.sqlserver.security)
    • Re: Windows authentication in code
      ... With Windows auth, the browser actually ... If you aren't using Windows auth, the browser will not send authorization ... I guess that replicating Windows authentication ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Change in ASP.Net authentication between Win2000 and Win2003
      ... IIS Resource Guide). ... I next looked a little into Windows 2003. ... IMHO, the label on the option, "Enable Integrated Windows Authentication", ... the documentation leads one to ...
      (microsoft.public.windows.server.security)