0

I do NOT want to use intergrated mode. I do NOT want to use intergrated mode.

So please no links to layered authenication. Thats NOT what i want.

What I have is this, a anonymous page that authenicates a user, after then it passes off the user information and created a windows authenication that can be used and authenicated in all windows authenication websites. The key here is I dont want to input the domain, the user can just input their username and password.

So basically a user by default is on default.aspx. Then the user inputs their username and password and clicks submit. Their username and password is then submitted to secure/landing.aspx which creates their windows login by adding the domain to it.

Here's my question, how do you accomplish this? basically using cookies? Creating an windows auth cookie the same way you create a forms cookie?

Do I have to have the user input into default.aspx, then on the same level navigate to landing.aspx which creates the windows auth and then pass into secure?

So my main questions is this.

  • How do you create a anonymous access into a windows authenication
  • How do you create the windows authenication?

    • This what I have so far for my web.config 

    <configuration>
  <system.web>
    <authentication mode="Forms">
      <forms cookieless="UseCookies" defaultUrl="~/Default.aspx" enableCrossAppRedirects="true" loginUrl="default.aspx" name=".ASPXAUTH" path="/" protection="All" requireSSL="false" slidingExpiration="true" timeout="10080"/>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
  <location path="default.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="true"/>
          <windowsAuthentication enabled="false"/>
        </authentication>
      </security>
    </system.webServer>
  </location>
  <location path="secure">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false"/>
          <windowsAuthentication enabled="true"/>
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>

    I keep looking at this example but i'm not sure about the Bal() and how the role providers work. How to configure IIS7 when using mixed mode authentication with asp.net

    Community
    • 1
    • 1

    1 Answers1

    0

    I think this article on ActiveDirectoryMembershipProvider Class might help you

    This class helps you perform a windows login by accepting a username and password.

    Also please check this out

    Community
    • 1
    • 1
    developer747
    • 15,419
    • 26
    • 93
    • 147
    • Developer - can this actually do what i'm looking for, i call System.Web.HttpContext.Current.User.Identity.IsAuthenticated from the outside world and the user isnt authenicated –  Apr 26 '13 at 17:04
    • I have never tried it myself. But as long as the web server has access to the Active directory, theoretically it is possible. Because it authenticates the user based on whats passed in the tcp/ip packet in the http request. Which practically means that it looks at the cookie to know who you are. – developer747 Apr 29 '13 at 14:45