Re: Windows authentication in code
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Jun 2006 09:54:20 -0500
A couple of things:
I'd suggest checking out the solution MS provides for calling LogonUser in
MSDN under the WindowsImpersonationContext class documentation. That shows
how to properly duplicate the token handle and close it as well. Also, I
think I'd use the "network" or "network cleartext" logon method instead of
interactive as it will be faster.
You will probably want to make this logon routine part of a forms
authentication implementation. The problem you will have though is how to
recreate the token on subsequent page visits. You will either need to cache
the token itself or the user's plaintext credentials so you can regenerate
the token.
Also, I don't know how you'll get this to integrate with SharePoint. It
expects Windows authentication. I'm not aware of any good ways to support
forms authentication with SharePoint except for maybe with ADFS. I think
you might consider going to basic authentication with SSL to get maximum
compatibility across browsers.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jerry C" <jerryed@xxxxxxxxxxxxx> wrote in message
news:880EC82D-3CEB-4848-81E1-52409492F060@xxxxxxxxxxxxxxxx
Thanks for the reply. Here is the code I am trying to get to work. It may
illustrate what I am trying to do. I have hard coded username domain
password
and left out the "Declare Function" for simplicity. The page is set to
anonymous user and I am trying to logon a user to the workgroup, or domain
and create an http context that will authenticate the user on all other
pages
for this session just like integrated windows authentication. Integrated
windows authentication is great stuff but other browsers don't do it and
the
customer does not like the default login popup and would like to duplicate
that functionality. I am also linking to another web site (sharepoint on
the
same machine) and would like the user to be recognized by that site.
Dim temp2WindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
LogonUserA("Jerry", "CD", "xxxx", LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token)
temp2WindowsIdentity = New WindowsIdentity(token, "NTLM",
WindowsAccountType.Normal, True)
HttpContext.Current.User = New WindowsPrincipal(temp2WindowsIdentity)
The question is is this the correct way to do this and are there other
considerations like how directory security is set in IIS6.0 and so on.
Just looking for some guidence on this issue.
Thank you.
--
Jerry
"Joe Kaplan (MVP - ADSI)" wrote:
I'd really suggest you read up on some of the MSDN samples on forms
authentication. There are plenty of walk throughs available, and it is
pretty easy to get working. ASP.NET does most of the work for you.
This forum will be more effective for you if you pose specific questions
about things that aren't working.
One thing that is worth knowing is that the ASP.NET pipeline executes for
each request. There are different events on the pipeline, such as
Authenticate and Authorize, that are executed as part of the pipeline
each
time. The various authentication modules such as forms and windows
handle
these events and handle security accordingly. There have also been some
really useful MSDN articles in the past explaining the ASP.NET pipeline
and
illustrating how it works.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Jerry C" <jerryed@xxxxxxxxxxxxx> wrote in message
news:7E9CE9DC-98C6-465E-9900-19F140328D34@xxxxxxxxxxxxxxxx
Joe and Luke,
Thank you for the reply. I am using Windows Auth for users that are
using
IE
and have a companion account or a domain account and that works OK.
Other
users are on Macks or using IE not have Companion accounts on the
server
(No
domain) or using
some other browser that does not log them on. These users will get the
Windows Logon Popup. The customer does not like that popup and wants
these
users to go to a different custom logon page that is set to anonymous
and
enter a user and password. At this point I have a username and a
password.
I
do not know how to program a form auth or the cookie to reauthenticate
on
each request. Some code examples would help. I don't have any
experience
on
how HTTP reauthenticates on each request or programming authentication
or
cookies.
--
Jerry
"Luke Zhang [MSFT]" wrote:
Hello Jerry,
If you just want to get a user account name ( windows authenticated),
you
may use a cookie/session to store it. Or, the solution in another
thread
we
discuss "Mixing Forms and Windows Securiey", use
"this.User.Identity.Name"
after authenticated by "winlogin.aspx".
Regards,
Luke Zhang
Microsoft Online Community Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader
so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
.
- Follow-Ups:
- Re: Windows authentication in code
- From: Jerry C
- Re: Windows authentication in code
- References:
- RE: Windows authentication in code
- From: Luke Zhang [MSFT]
- Re: Windows authentication in code
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Windows authentication in code
- From: Jerry C
- RE: Windows authentication in code
- Prev by Date: Re: Windows authentication in code
- Next by Date: Re: Could not establish trust relationship with remote server
- Previous by thread: Re: Windows authentication in code
- Next by thread: Re: Windows authentication in code
- Index(es):
Relevant Pages
|
|
