Re: log on to one, log on to all - web apps

Hi!
I agree with your requirement and you want to achieve single sign on.
Right? Here with form based authentication , you can not achieve it but if
you map some trusted identity (ASP.NET) with CMS, and SPS. It should work.
But if you have user level control then form based authentication will not
work. you will face prblem of windows token management as from based
authentication does give generic token and it can not be substituted against
windos token.

Please download following book.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E

It explains the authentication problem very well. you can refer chapter
5,6,7. It explains scenrios you are looking for.

There is how to section in the book which explains about form authentication.

Let me know if further discussion is required.

regards,
narendra.


"Alex Lakeland" wrote:

> Hi Narendra,
>
> Thanks for your reply. It will sort of be an extranet with all users coming
> through from the "outside world". Users will either be on one domain or
> several with trusts in place.
>
> I know how to use forms-based authentication with credentials checked
> against the AD users. How do I make the session valid on both the CMS and
> SPS environments so that the user does not have to enter his details again
> when following links between the two environments? An idea of the correct
> ..NET pbjects/methods or good articles to read would be great!
>
>
>
> "Narendra" <Narendra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:B9B7C2DB-1227-4102-B352-3C76ABBB1D28@xxxxxxxxxxxxxxxx
> > Hi!
> > Before answerign, I would like to ask couple of questions.
> > 1. Are all user part of same domain and network is kind of extranet?
> > 2. Are all user log on to server using internet?
> > 3. Do you have any auditing requirement for each user on SQL, SPS servers?
> > Is yes, then you will have to use impersonation and delegation? To
> use
> > imeprsonation and delegation, you have to use windows authentication. But
> as
> > you said you are using form authentication, you can use role based mapping
> > with SPS and CMS. So you will have to do mapping between your user and
> roles
> > created.
> > Here you will have less auditing feature and you will have to flow your
> > identiity from IIS server to CMS,SPS and SQL server.
> > The following set up should help you out for analysis,
> > 1. Create user group called CMS and SPS.
> > 2. Authenticated users using form with active directory.
> > 3. Check user belongs to particular group (CMS, SPS). if you want all user
> > to log on to each server then make universal group and then use trusted
> > predefined identity which uses windows authentication to access CMS and
> SPS.
> > Also ASP.NET user can be used with this set up. so you need not create any
> > user.
> >
> >
> > So you will have form authentication between browser and IIS server and
> > between IIS server to other server, use windows authentication.
> >
> >
> > regards,
> > narendra.
> > regards,
> > narendra.
> >
> >
> > "Alex Lakeland" wrote:
> >
> > > I have the following scenario:
> > >
> > > 2 win2k3 servers with MCMS2002, load balanced
> > > 3 win2k3 SPS2003 servers in medium server farm configuration
> > > 1 SQL2k/2k5 environment (probably a cluster)
> > > All users are external and log on with credentials in active directory
> on
> > > the same domain as the servers above.
> > >
> > > There will be a website that sits as an umbrella over the top of the two
> > > websites (CMS and SPS). This website will have a forms-based login - all
> > > users are external and will log in here.
> > >
> > > What I'm trying to achieve: once the user completes login on the
> umbrealle
> > > site they will be logged in on both SPS and CMS.
> > >
> > >
> > > How can I achieve this? Sicne the sites will be on the same root domain
> name
> > > I can share a cookie betweent he sites (I think) but I can't see how I
> pass
> > > the windows token between the environment. Is there another way? And how
> do
> > > I stop the session from timing out on e.g. SPS if the user is on CMS for
> an
> > > hour?
> > >
> > > Any suggestions, however theoretical, would be gratefully received.
> > >
> > > Alex Lakeland
> > >
> > >
> > >
>
>
>
.

Relevant Pages

  • Re: log on to one, log on to all - web apps
    ... Do you have any auditing requirement for each user on SQL, SPS servers? ... you have to use windows authentication. ... > with SPS and CMS. ... > identiity from IIS server to CMS,SPS and SQL server. ...
    (microsoft.public.dotnet.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... > until logon), the wireless connection can kick off when it is ready. ... > was confirmed in the server event logs with IAS (i set that up as the radius ... > as an ordinary user kicks in and takes over from the machine authentication. ... > while the network sorts itself out and a double click on a network link of ...
    (microsoft.public.windows.server.security)
  • Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure?
    ... SYSTEM account. ... In IIS I took the virtual server that I was testing, ... Authentication premise. ... From a website perspective, I ...
    (microsoft.public.inetserver.iis.security)
  • Need help configuring Wireless Connection profile
    ... I have an SBS 2003 server and a Server 2003 member server set up using RADIUS ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP ... Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: Remote Web Workplace Issues-Please help!
    ... Open the Server Management Console, ... client after Authentication" right. ... permissions, and Microsoft Windows user rights according to the KB 812614. ... Download the IIS Resource Kit tools from the following page: ...
    (microsoft.public.windows.server.sbs)