Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Security / December 2004

Tip: Looking for answers? Try searching our database.

ASP.Net Forms authentication & Windows Auth combined

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Vince - 06 Dec 2004 18:44 GMT
I have a situation where I would like to use forms authentication and
windows authentication combined.  Basically, I would like to use a form to
get the user's ID and password, and then validate those against the domain
just like IIS does when using Windows authentication.  Also at login time I
would initialize their session variables.

I've seen the FormsAuthentication class, but it says that when you call
Authenticate it validates the credentials against the configured credential
store.  How do I configure it so that it validates against the Windows
domain?  Or is this the wrong class to use to meet my requirement?

Thanks in advance,
Vince
Reply to this Message
Joe Kaplan \(MVP - ADSI\) - 06 Dec 2004 19:08 GMT
You would need to implement your own code to log the user in.  That's
generally what they mean by "configured credential store".  Since forms
authentication is pretty arbitrary, they leave you to write the code.

The easiest thing to do would be for you to call the LogonUser API to
authenticate the user and get a login token for them.  You could also use
LDAP to authenticate them with the DirectoryEntry class or use SSPI to
authenticate them.

I think if you do some searches, you'll find implementations for all of
these approaches.

Joe K.

>I have a situation where I would like to use forms authentication and
>windows authentication combined.  Basically, I would like to use a form to
[quoted text clipped - 9 lines]
> Thanks in advance,
> Vince
Reply to this Message
Vince - 06 Dec 2004 20:16 GMT
I read through the LogonUser information I found on the web, and I'm
concerned about the following statement:  The user account must have Log On
Locally permission on the local computer.
Now I know that users authenticate using Windows authentication just fine,
but does that mean they have the "log on locally" permission that LogonUser
requires?

Thanks,
Vince

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> You would need to implement your own code to log the user in.  That's
> generally what they mean by "configured credential store".  Since forms
[quoted text clipped - 24 lines]
>> Thanks in advance,
>> Vince
Reply to this Message
Joe Kaplan \(MVP - ADSI\) - 06 Dec 2004 20:48 GMT
Generally, they will have log on locally enabled.  You don't need to grant
them interactive login.  It can be set to batch (configure in local security
policy).  They also don't have to have any rights to anything sensitive.

It think the bigger issue with LogonUser is if you are going to use it under
Win2K.  If so, the account calling the function must have Act as part of the
operating system privilege which is normally only granted to SYSTEM.  This
restriction is lifted for XP and 2003.

Joe K.

>I read through the LogonUser information I found on the web, and I'm
>concerned about the following statement:  The user account must have Log On
[quoted text clipped - 35 lines]
>>> Thanks in advance,
>>> Vince
Reply to this Message
Vince - 07 Dec 2004 12:04 GMT
Yep, I got it working!

Thanks!
Vince

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> Generally, they will have log on locally enabled.  You don't need to grant
> them interactive login.  It can be set to batch (configure in local
[quoted text clipped - 48 lines]
>>>> Thanks in advance,
>>>> Vince
Reply to this Message
Patrick Olurotimi Ige - 29 Dec 2004 01:00 GMT
Vince 'm interested how u finally got ur Mixed Auth working and what
resources did u use..
Pls try posting this.
Thx
Patrick
Reply to this Message
John M Deal - 06 Dec 2004 19:37 GMT
Accidentally posted this to another message. Anyway, I came across an
article a bit back on ASP Alliance that talks about doing something
similar. It may be able to point you in the right direction.  Hope it helps.

http://aspalliance.com/553

Have A Better One!

John M Deal, MCP
Necessity Software

> I have a situation where I would like to use forms authentication and
> windows authentication combined.  Basically, I would like to use a form to
[quoted text clipped - 9 lines]
> Thanks in advance,
> Vince
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.