Re: Passing form credentials to windows security

I am also having troubles getting customauth to redirect to a specified logon
page. is there any tricks to this.

my page is named logon.htm
and i have specified the full url in the ini

Thanks in advance


"Doug" wrote:


Thats awesome and exactly what I am looking for. Thanks.. My next question
is there any sample custom login forms available. I familiar with posting
forms however does the form post back to the dll?
i assume that the inherent login form is compiled into the dll file however
im ok with creating just an html file or asp file and was wondering if you
knew of some samples out there?

Thanks again!


"David Wang [Msft]" wrote:

CustomAuth from IIS Platform SDK shows how to pass form credentials.

However, the custom scheme you describe (try Windows first and if it fails,
try forms) cannot be configured. Lots of people want that behavior, but
sorry, the standardized browsers and the authentication protocols just don't
work that way.

You can configure two websites, one Intranet that is Windows only, the other
Extranet that is Forms auth only.

This posting is provided "AS IS" with no warranties, and confers no rights.

"Doug" <Doug@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
Ok to explain my scenario here is my goal

I have an intranet site that is available internally as well as
Currently it is just html files on the intranet (that change may come
which will make it easy to secure via an application, unfortunately right
that is not an options)

What i would like to do is essentialy mix windows and forms based
authentication however the articles I have found wont exactly accomplish
i need since I do not have my intranet as an application.

I have anonymous turned off and integrated authentication turned on so
anyone internally does not get prompted for a username and password, the
external side first hits my redirection to ssl page (shich is set to allow
anonoymous access) and then the user gets prompted for a username and
password via the standard windows popup since I have windows NTFS
set on the entire directory.

What I want to do is if a user is not authenticated via integrated, i want
to present them with a pretty form to log into instead of the windows pop
box, and then authenticate them against Active Directory and then pass the
authenticated credentials to IIS as they were logged into the computer
those credentials exactly as Microsoft has done with Exchange webmail.

Is this possible and any steps in the right direction would be
I have the form written and is authenticating via Active Directory and
doing the redirect to the home page via ssl, the only problem I have to
the details on is passing those credentials to windows security so they
not prompted for the user name again via the windows pop up box. It looks
though the OWA logon passes those credentials to a .dll file that is

Thanks in advance for any tips helping me out on this one.
Please let me know if any of this is unclear.