Re: Using both forms and windows authentication together

My new favorite way of implementing this type of architecture is to use
ADFS, as it supports this functionality out of the box. However, I probably
wouldn't suggest setting up ADFS just for this. If you were doing an
internal Web single sign on project across multiple apps or needed to
integrate identities with your external partners, then the extra effort is
easier to justify.

My preferred way of doing this type of thing without ADFS is to have
different URLs (possibly using split DNS to give you the same app name if
you are doing an intranet/extranet thing and have the ability to do split
DNS). With the external URL, use the AD membership provider for forms auth.
Inside, just use Windows auth.

There are ways of having the exact same app support both mechanisms
simultaneously, but aside from ADFS, all of the other implementations I've
seen are somewhat of a hack fest. I'm not a fan.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Matt Adamson" <Adamson_Matthew@xxxxxxxxxxx> wrote in message
news:%23ZcjE%23AXHHA.1212@xxxxxxxxxxxxxxxxxxxxxxx
Guys,

Does anyone know the best way to implement both windows and forms based
authentication in the same web site?

I'd like intranet based windows user to be able to use single sign on and
not require them to log in so the full windows name including domain name
can be used. However for internet based users they should be required to
enter their credentials.

Any thoughts?

Cheers

Matt



.

Relevant Pages

  • Re: ADFS Development Issues
    ... One thing to keep in mind is that if a website is protected by ADFS V1, ... site to be automatically authenticated by our windows application so ... like a web service proxy. ... generated on the server. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADFS June 2006 Step-by-step guide
    ... I really do appreciate all of your help Joe. ... I was trying to write some code against the ADFS API but on my development ... Windows XP machine, ... alansh@xxxxxxxxxx in the resource forest. ...
    (microsoft.public.windows.server.active_directory)
  • ADFS Development Issues
    ... I am looking for some advice on how to develop a certain type of ADFS ... We have a Web Server - Windows server 2003 R2 EE ... I also got a web service successfully authenticating using adfs as ... the sample claim app and published the web service files into the same ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADFS Development Issues
    ... You are asking for trouble with this type of design because ADFS V1 is only ... web service proxies don't handle this type of thing ... The Windows token integration method doesn't really help you with the web ... the server based on how it needs to work. ...
    (microsoft.public.windows.server.active_directory)
  • Re: pass login to application
    ... federation server proxy to run R2. ... since ADFS can support Windows ... WS-Federation is absolutely not tied to Active Directory in any way. ...
    (microsoft.public.dotnet.security)