Hey all,

I would like to preface my question by stating I am still learning ASP.net
and while I am confident in the basics and foundation, the more advanced
stuff is still a challenge.  Ok. :)

We are looking at redoing our entire Intranet, starting over from scratch,
as a .Net website.  Our current site has two separate sides, a public side
for all viewers, and a secure side for those granted permission can access
apps to update web info, databases, etc.  In moving to .Net we would like to
use Integrated Windows Authentication with our pages.  We will be putting
the Intranet server under a Domain Controller where the users and user info
will be pulled from.

We would like to have the pages similar to what you would see on eBay, or
Amazon, or any number of Blog sites.  That is, you can surf and view and
bounce around all the pages, but unless you log in you cannot view your
personal information.  However, if you do log in, the public pages take on
new buttons or links because those pages know who you are.  In essence, the
public side and secure side merge into one, and page items turn on or off
depending on your logged in status.

I have Google'd on "integrated windows authentication" and, of course, have
found numerous websites.  It is almost overwhelming.  I found a few good
articles here:

Active Directory Authentication from ASP .NET

http://msdn.microsoft.com/library/en-us/sds/sds/active_directory_authentication_
from_asp__net.asp

Securing an ASP.Net application...

http://www.dotnetjohn.com/articles.aspx?articleid=19

HOW TO: Authenticate against the Active Directory by Using Forms
Authentication and Visual Basic .NET

http://support.microsoft.com/default.aspx?scid=kb;en-us;326340

Developing Secure Web Sites with ASP.NET and IIS

http://www.c-sharpcorner.com/Code/2003/March/SecureSiteWithASPNET.asp

Windows Authentication in ASP.NET

http://www.dotnetbips.com/displayarticle.aspx?id=10

(Joe Kaplan (MVP - ADSI), if you read this, I also saw your postings
recently on somewhat this subject in this newsgroup.)

I am still having trouble interpreting and understanding all this
information and now look to some of you to help possible translate it into
English.  The last URL above provided an example that shows how to use
System.Security.Principal to determine the user name and authenticated
status (which I have tested successfully).  But this just pulls from the
system when the user logged in after turning on the PC.  The other URL's
state that in an Intranet environment, IAW is the thing to use - which is
where this is going.  But I need to offer the ability for a user to log in
and log out, and when not logged in they are set as "anonymous" - not just
automatically pull system info.  So this seems I need to use Forms
Authentication?  Looking at examples of Forms Authentication, at my level of
experience, are quite long, involved, and a bit over my head in their
explanations.  Do I use one over the other?  Both together?  Help?

So, I am asking for some help here in understanding the .Net techniques to
develop a website that uses Integrated Windows Authentication (using Active
Directory from a Domain Controller) to authenticate users, but requires
users to log in, and allows them to log out.  I can control the visual
changes on the page(s), I just need help on the log-in/log-out, security,
authentication part of it.

Your comments, suggestions, tips, and other input are gladly accepted and
appreciated.  Oh, and in VB.net if possible please, though I turn away
nothing. :)

-- Andrew