Re: Form authentication via LogonUser does not pass credentials to ifr

From: Vin McLellan (vin_at_theworld.com)
Date: 07/27/04

    Date: 26 Jul 2004 15:05:46 -0700
    
    

    Hi Andrew:

    I can't see why ClearTrust would not work in this environment.
    ClearTrust has deep support for both Sharepoint and OWA.

    Your issue is with multi-domain single sign-on, and a lot of sites are
    said to implement MDSSO functionality within ClearTrust.

    I suggest you call in your site's RSA Sales Support Engineer (SSE) to
    make sure you haven't somehow mis-configured ClearTrust.

    I'm a consultant to RSA, so take my optimism with a grain of salt, but
    I don't see where you should have a problem with this configuration.

    Suerte,
          _Vin

    --------------- in reply to ------------------
    Andrew van der Stock queried the Listocracy:

    > Hi there,
    >
    > we are trying to use a web form to authenticate users against Active
    > Directory on .NET 1.1 running under Windows 2003.
    >
    > The authentication using LogonUser works just fine, and we can assert things
    > like
    >
    > if ( Context.User.Identity.IsAuthenticated )
    > { do stuff }
    >
    > on another page after returning from the logon page as defined in
    > web.config. So far, so good.
    >
    > However, when we try to include an iframe, the credentials the user has
    > signed in do not pass to the iframe. It might be easier to describe what I
    > am trying to do, as there may be a better way.
    >
    > We are trying to allow Internet users to authenticate via SecurID to AD
    > protected resources inside the client's network. We have tried various
    > approaches, including RSA ClearTrust, but for various reasons, this didn't
    > work. The network is like this:
    >
    > browser -> Internet -> Checkpoint -> ISA Server web publishing rule
    > integrated with RSA SecurID (FP1) -> myADauth page -> iframe to resource
    >
    > We have modified the SecurID login pages on the ISA server to include a
    > password, which is not used by SecurID authentication, but passes it on
    > using a post to the logon page in my app after SecurID authentication. This
    > works.
    >
    > Once the post has completed with a correct credential, we are authenticated,
    > and the iframe attempts to load. However, the Sharepoint or OWA resource
    > within the iframe presents a basic digest logon request.
    >
    > The iframe is using a URL that is also published by ISA web publishing
    > rules, so essentially there is no reverse proxy issue. The only issue is
    > that we cannot provide cross-site authentication, and we would like to.
    >
    > Any clues gratefully received,
    > Andrew van der Stock

    ---------------------------------------------------

    "Trust is only dangerous when you have to rely on it."

       * Vin McLellan + The Privacy Guild *
        vin@theworld.com Chelsea, MA. USA

