Re: ASP.Net Forms authentication & Windows Auth combined

From: Vince (vfabro_at_covansys.com)
Date: 12/07/04 

Date: Tue, 7 Dec 2004 07:04:47 -0500

Yep, I got it working!

Thanks!
Vince

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:e4EZuT92EHA.2192@TK2MSFTNGP14.phx.gbl...
> Generally, they will have log on locally enabled. You don't need to grant
> them interactive login. It can be set to batch (configure in local
> security policy). They also don't have to have any rights to anything
> sensitive.
>
> It think the bigger issue with LogonUser is if you are going to use it
> under Win2K. If so, the account calling the function must have Act as
> part of the operating system privilege which is normally only granted to
> SYSTEM. This restriction is lifted for XP and 2003.
>
> Joe K.
>
> "Vince" <vfabro@covansys.com> wrote in message
> news:efIAxB92EHA.3708@TK2MSFTNGP14.phx.gbl...
>>I read through the LogonUser information I found on the web, and I'm
>>concerned about the following statement: The user account must have Log
>>On Locally permission on the local computer.
>> Now I know that users authenticate using Windows authentication just
>> fine, but does that mean they have the "log on locally" permission that
>> LogonUser requires?
>>
>> Thanks,
>> Vince
>>
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote in message news:O9tLpb82EHA.3840@tk2msftngp13.phx.gbl...
>>> You would need to implement your own code to log the user in. That's
>>> generally what they mean by "configured credential store". Since forms
>>> authentication is pretty arbitrary, they leave you to write the code.
>>>
>>> The easiest thing to do would be for you to call the LogonUser API to
>>> authenticate the user and get a login token for them. You could also
>>> use LDAP to authenticate them with the DirectoryEntry class or use SSPI
>>> to authenticate them.
>>>
>>> I think if you do some searches, you'll find implementations for all of
>>> these approaches.
>>>
>>> Joe K.
>>>
>>> "Vince" <vfabro@covansys.com> wrote in message
>>> news:erNdYO82EHA.4004@tk2msftngp13.phx.gbl...
>>>>I have a situation where I would like to use forms authentication and
>>>>windows authentication combined. Basically, I would like to use a form
>>>>to get the user's ID and password, and then validate those against the
>>>>domain just like IIS does when using Windows authentication. Also at
>>>>login time I would initialize their session variables.
>>>>
>>>> I've seen the FormsAuthentication class, but it says that when you call
>>>> Authenticate it validates the credentials against the configured
>>>> credential store. How do I configure it so that it validates against
>>>> the Windows domain? Or is this the wrong class to use to meet my
>>>> requirement?
>>>>
>>>> Thanks in advance,
>>>> Vince
>>>>
>>>
>>>
>>
>>
>
>