Re: Forms Authentication
From: frpascal (FRPascal_at_newsgroups.nospam)
Date: 11/14/05
- Previous message: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- In reply to: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- Reply: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- Reply: [MSFT]: "Re: Forms Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Nov 2005 15:31:19 +0100
Hi Dominick,
The Input is Hidden and my users are kind office workers who just want to
logon automaticaly, i just use the logon name for their planning and worked
hours reports. No real security matter in fact.
I don't want to implement windows auth because of the pop up window.
Luke, I checked my servers and I don't find the cookies default setting, in
fact i changed nothing since I installed the new server.
Before now I already have the problem because my dev/test machine has
migrated to WinXP, from that time this "capture" didn't work any more on the
dev/test machine but worked properly on the W2000 server.
I checked other Forms Auth messages and I found a message about fiddler. I
tried to use it :
On the first page about Cookies :
- Cookie: ASP.NET_SessionId=a4ly5ymfrnp315555ytsak55
- Set-Cookie:
.ASPXAUTH=F3667128E001B12F31C9C0D130BC4600483EC7F09C2EBB653367A99BEDCDD2DF59
DB46986051F28B7A153E24C4737AFD8EDC95EC49927907EC81225A41684F9DBDE3604E5CC3E1
73; path=/
On the destination page :
- Cookie: ASP.NET_SessionId=a4ly5ymfrnp315555ytsak55;
.ASPXAUTH=F3667128E001B12F31C9C0D130BC4600483EC7F09C2EBB653367A99BEDCDD2DF59
DB46986051F28B7A153E24C4737AFD8EDC95EC49927907EC81225A41684F9DBDE3604E5CC3E1
73
I hope this can help you to help me ;)
Thanks a lot !
Pascal
"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> a
écrit dans le message de
news:4580be63139d548c7b738fd576d14@news.microsoft.com...
> Hello frpascal,
>
> so a use can be whoever he wants to when he manually changes the value
(filled
> by your javascript) before the POST to the server??
>
> That's not a good solution.
>
> Why don't you provide a separate directory for windows users - with
windows
> auth - then in AuthenticateRequest - construct a formsAuth ticket
manually,
> set the cookie and redirect to your main page?
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hi,
> >
> > For an Intranet, I try to capture the windows logon automaticaly to
> > identify
> > the user with a little javascript. I put this varaible in an Input
> > object
> > and use it with a
> > "FormsAuthentication.RedirectFromLoginPage(LoginUserWindows.Value,
> > False)"
> > just before the Response.Redirect("\Planning\PagePrincipale.aspx").
> > After that i recall the value with an "User.Identity.Name".
> > The trace tells me that Auth-User and Remote-User values are correct
> > but I can't get those values with the User.Identity.name after the
> > redirection.
> >
> > It is working fine with W2000 but don't work anymore with Win XP
> > neither Win 2003.
> >
> > Thanks for any help.
> > Pascal
>
>
- Previous message: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- In reply to: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- Reply: Dominick Baier [DevelopMentor]: "Re: Forms Authentication"
- Reply: [MSFT]: "Re: Forms Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
