ASP security (anonymouse vs integrated) problem...

G

Graeme Coutts

Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?
 
K

Ken Schaefer

I think the information you need is here:
http://support.microsoft.com/?id=258063

Cheers
Ken

: Developed a web application which adopts a custom security model which
displays a login page and requests a username/password combination. The
username works in a mixed-mode of usernames matched with the windows login
name and some extra accounts (similar to SQL mixed-mode security). Web
application is executed both in the corporate intranet and externally on the
web.
: Getting user complaints about having to login to the web application when
they have already logged-on to windows. I have coded a challenge/response
(response.status=401) to get a user's window login through the
ServerVariables. This seems to work OK for the intranet access. If the
user's windows account is not located in the application database then I
redirect to the standard login page for the username/password combination.
When the application is executed across the internet through a firewall, the
user is prompted by IE to enter the windows domain, username, and password.
There seems to be no mechanism to avoid this because of the
challenge/response code. I wish that with external access from the internet
that users are automatically directed to the application login screen and
not faced with the IE windows authentication dialog.
: Anyone care to offer a solution?
 
C

Cowboy \(Gregory A. Beamer\) [MVP]

Unless a user is logged into the domain, they will always get the popup box.
Period.

If they are loggeed in, from outside, the machine can be set up to help you.
Most users home machines are not set up to automagically have the browser
pick up domain account, however. I am not sure what has to be set, as it has
been ages since I have been on the SE side of the world.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
Graeme Coutts said:
Developed a web application which adopts a custom security model which
displays a login page and requests a username/password combination. The
username works in a mixed-mode of usernames matched with the windows login
name and some extra accounts (similar to SQL mixed-mode security). Web
application is executed both in the corporate intranet and externally on the
web.
Getting user complaints about having to login to the web application when
they have already logged-on to windows. I have coded a challenge/response
(response.status=401) to get a user's window login through the
ServerVariables. This seems to work OK for the intranet access. If the
user's windows account is not located in the application database then I
redirect to the standard login page for the username/password combination.
When the application is executed across the internet through a firewall, the
user is prompted by IE to enter the windows domain, username, and password.
There seems to be no mechanism to avoid this because of the
challenge/response code. I wish that with external access from the internet
that users are automatically directed to the application login screen and
not faced with the IE windows authentication dialog.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,995
Messages
2,570,236
Members
46,825
Latest member
VernonQuy6

Latest Threads

Top