Re: ASP.NET windows authentication

From: Paul Clement (UseAdddressAtEndofMessage_at_swspectrum.com)
Date: 12/14/04


Date: Tue, 14 Dec 2004 08:31:28 -0600

On Sun, 12 Dec 2004 20:33:02 -0800, "Andy" <Andy@discussions.microsoft.com> wrote:

¤ Not quite.
¤ Users who don't enter an e-mail address would authenticate with active
¤ directory.
¤ Users who do enter an e-mail address would authenticate with an access
¤ database (I already know about hashing passwords)
¤

You will have to use Forms Authentication for both and then choose windows or database
authentication based upon the account ID they enter.

Authenticating against the database is relatively easy. Authenticating against AD might require a
bit more effort. What you will probably need to do is call the LogonUser API function call. There is
an example in the article below. You don't need to implement the impersonation code, just call
LogonUser with the supplied credentials.

How to implement impersonation in an ASP.NET application
http://support.microsoft.com/kb/306158/EN-US/

There is another method that uses DirectoryServices, however I'm somewhat dubious about the solution
since Microsoft has indicated in the past that ADSI and DirectoryServices were not designed for
authentication.

HOW TO: Authenticate against the Active Directory by Using Forms Authentication and Visual Basic .NET
http://support.microsoft.com/?id=326340

Paul ~~~ pclement@ameritech.net
Microsoft MVP (Visual Basic)
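
The routing described in the reply above, sketched in C# as an added example; it is not code from the post or from the linked KB articles. The names `DualAuthenticator`, `Validate`, `DatabaseCheck` and `adDomain` are assumptions made for illustration, and the database check is supplied by the caller.

```csharp
using System;
using System.Runtime.InteropServices;

public static class DualAuthenticator
{
    private const int LOGON32_LOGON_NETWORK = 3;    // credential check only, no interactive session
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Hypothetical hook: the caller's hashed-password check against its own user table.
    public delegate bool DatabaseCheck(string email, string password);

    public static bool Validate(string accountId, string password,
                                string adDomain, DatabaseCheck checkDatabase)
    {
        // Reject empty input before it reaches either back end.
        if (string.IsNullOrEmpty(accountId) || string.IsNullOrEmpty(password))
            return false;

        // Route on the form of the ID only. An AD user principal name
        // (user@domain) also contains '@' and therefore goes to the database.
        if (accountId.IndexOf('@') >= 0)
            return checkDatabase(accountId, password);

        // No fall-through: a failed Windows logon is never retried
        // against the database, so the two account spaces stay separate.
        return ValidateWindows(accountId, adDomain, password);
    }

    private static bool ValidateWindows(string user, string domain, string password)
    {
        IntPtr token = IntPtr.Zero;
        try
        {
            // Success means the credentials are valid; the token is not
            // used for impersonation here.
            return LogonUser(user, domain, password,
                LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token);
        }
        finally
        {
            // Always release the logon token so handles do not leak per request.
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

When `Validate` returns true, the login page issues the forms ticket as usual, for example with `FormsAuthentication.RedirectFromLoginPage`.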
