Thanks for Dominick's good suggestion.
Hello Crpietschmann,
For your scenario, the difficulty here is windows authentication use
completely different authentication mechanism from forms
authentication. The forms authentication is purely done through clear
username/password user put in form and then our application validate
the credential against our custom database. Windows authentication
normally rely on the underlying authentication mechanism of client
browser(IE) and webserver IIS which is not controlable by us. Also,
currently a single ASP.NET application can only be configured to use
single authentication mode.
Are you developing the web application upon ASP.NET 2.0? If so, as you
mentioned that your application is over internet and will be accessed
by both internet user and local intranet user(has windows login
credential), I think you can consider the following approach:
1. Use Forms authentication for your web application.
2. Since ASP.NET 2.0 use provider based model for membership service,
you can configure two membership providers for your web application.
One is Sqlserver membership provider, another is
ActiveDirectoryMembership Provider.
3. And on your application's login form, you can put an option to let
user choose whether he will login as internet user or intranet user,
if internet user, you programmatically use SqlMembership provider to
authenticate it, otherwise, use ActiveDirectoryMembershipProvider to
authenticate the user(against AD ).
e.g.
===================
bool valid = false;
if (IsPostBack)
{
valid =
Membership.Providers["sqlprovider"].ValidateUser(txtUsername.Text,
txtPassword.Text);
}
else
{
Membership.Providers["adprovier"].ValidateUsertxtUsername.Text,
txtPassword.Text);
}
if(valid)
{
FormsAuthentication.RedirectFromLoginPage(txtUsername,
false);
}
===================
In this case, you need to do the authentication and forms
authentication's redirect/sigeout in code rather than directly
utilize the login controls.
Also, since the username/password is passed as clear text on forms
authentication form page, you should consider using https/ssl for the
authentication pages.
Do you think this a possible approach for your scenario?
Please feel free to let me know if you have any questions or other
consideration on this.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx
#notif ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues where an initial response from the community or a Microsoft
Support Engineer within 1 business day is acceptable. Please note that
each follow up response may take approximately 2 business days as the
support professional working with you may need further investigation
to reach the most efficient resolution. The offering is not
appropriate for situations that require urgent, real-time or
phone-based interactions or complex project analysis and dump analysis
issues. Issues of this nature are best handled working with a
dedicated Microsoft Support Engineer by contacting Microsoft Customer
Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
