Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?

From: Chad Beckner (cbeckner_at_iupui.edu)
Date: 09/04/05 

Date: Sat, 3 Sep 2005 18:22:01 -0500

  So, in effect, how does that protect files in a directory (.gif, .htm,
etc)? That, to me, doesn't seem to provide "true"security of an area, like
IIS does... Does anyone know if this has changed in 2.0?

  For now, I guess I can keep using the ISAPI filter that I built... Unless
anyone else has a better solution. However, I am disappointed that I can't
set up this kind of security in .NET/FormsAuthentication like I can with IIS
Basic. I want to protect ALL files (and not have everything be processed
through the isapi_aspnet dll) in a particular area and have them
authenticate before accessing it, but without a "windows logon" prompt.

Thanks for the help,

Chad

"Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> wrote in message
news:Oi0PhrNsFHA.2008@TK2MSFTNGP10.phx.gbl...
When you use Forms authentication you have to set IIS to Anonymous
authentication. Check out this article for a discussion on the combinations
between ASP.NET authentication and IIS authentication:

nhttp://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp

If you think you can customize ASP.NET to use forms with Basis
Authentication you'll probably have to write an HTTP Module. Check out this
article for a discussion on Modules and Handlers:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/elmah.asp

Good luck. 

-- 
_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com
http://www.SoftiTechture.com
_______________________________
"Chad Beckner" <cbeckner@iupui.edu> wrote in message 
news:uQIFS58rFHA.3352@TK2MSFTNGP14.phx.gbl...
> Hi everyone,
>
>  First off, sorry for the cross-post...
>
>  I am developing a site (ASP.NET) in which the root will be set with
> Anonymous AND/OR Basic permissions.  Past that I will have an application
> (directory) in which I will be developing applications, which will have 
> IIS
> Basic Authentication set (this can't be avoided).  In the past, I have 
> been
> able to use a ISAPI Filter to add the response headers dynamically, and 
> add
> the authentication to the request, therefore, allowing users into the 
> secure
> directory, and all of this is form based, there is no browser prompt for
> their username/password (and it adds it to every request, images, .htm
> files, .asp files, etc).  Now I am trying to do this with ASP.NET (VB),
> again, trying to avoid the browser prompt, and add the authentication to
> every request (again, images, .htm files, aspx files, etc).  However, I 
> have
> been unsuccessful using FormsAuthentication with the directory set to IIS
> Basic Authentication (since IIS sees the request first, I get a browser
> prompt. I want to replace this with a redirect to a login form).  I have
> been able to get the FormsAuthentication to set the cookie, but when it
> tries to go into the Basic secured directory, I get a browser prompt.  Any
> help would be greatly appreciated!! (Do I need to write another ISAPI
> Filter, can I use FormsAuthentication to do this??  Suggestions?)
>
>  I have looked at hundreds of articles (or at least it seems!), and am not
> 100% how to write an ISAPI filter in .NET, if that needs to be done.  Any
> pointers to live artices, code, etc. would be very helpful.
>
>  Overall, basically, I want to use Basic Authentication protocol and
> FormsAuthentication to access an IIS-set Basic Authentication directory, 
> but
> I want to use a form instead of the normal windows logon prompt.  Our 
> users
> share computers, so having them being able to "save their password" is a
> major security concern, which is why I need a login form page.
>
> Thanks!
>
> Chad
>
>

Relevant Pages