Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Security / January 2005

Tip: Looking for answers? Try searching our database.

Seamless Login Page with ASP Dotnet

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Joe Rigley - 28 Jan 2005 14:25 GMT
Hi,

I'm a little new to ASP Dotnet, but have been coding in classic ASP for over
5 years...

I'd appreciate some suggestions/guidance in writing an Intranet login page
that authenticates domain users to AD on a Win2003 server.  Is it possible
to code an .aspx page that will "automatically obtain the login user's
creditentials" (User ID and/or P/W) they provided to AD when the user logged
into their workstation?  When I say "automatically obtain the creditentials"
I mean the user does NOT enter any info on the page.  The code behind page
some how obtains that info via classes or objects or the Dotnet Framework.
I'd like to use that info to re-verify the account that is still active in
AD via an LDAP lookup.  If it is still valid, then allow the user into
various Intranet websites, thus providing an "Automatic or Seamless" login
for the users.

Is something like this possible to do?  I thought I read somewhere that it
was possible with ASP Dotnet and not in classic ASP.  Please let me know if
that is true and a basic plan on how could make it happen.

Any suggestions would be appreciated.  Thanks,
-Joe
Reply to this Message
Chris Rolon - 28 Jan 2005 17:11 GMT
In order to get the credentials of the user you will have to setup IIS for
your site as follows:
1. Disable anonymous access to you site in IIS.
2. Enable Windows Integrated Authentication.

In ASP .Net you will need to add the following to web.config:
<identity impersonate="true" />

In your code you do the following:
WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent());

This will create a WindowsPrincipal with the user that is currently logged
into the domain. If you allow anonymous access or do not impersonate, the
WindowsPrincipal will be for the account used by ASP .Net. That will either
be ASPNET or NETWORK SERVICE.

Chris Rolon

> Hi,
>
[quoted text clipped - 19 lines]
> Any suggestions would be appreciated.  Thanks,
> -Joe
Reply to this Message
Joe Rigley - 28 Jan 2005 19:20 GMT
Chris,

Excellent info!  Just the kind of help I was hoping for!  I greatly
appreciate your time helping me with this.  I will give it shot next week
and see how it goes.

Much obliged,
-Joe

> In order to get the credentials of the user you will have to setup IIS for
> your site as follows:
[quoted text clipped - 41 lines]
> > Any suggestions would be appreciated.  Thanks,
> > -Joe
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.