I have the following requirement: if a user in domain 2 goes into an ASP.NET site that is in domain 1, then the site should display a customised login form to validate the user. But if a user from domain 1 surfs to same the ASP.NET site (on domain 1), then Windows authentication (using Active Directory) takes place, so the user should goes straight through to the site content without seeing the login form.
How would I go about doing that?
Would I first need to detect the request domains? I have tried HttpContext.Current.Request in Page_Load() but have not yet been successful in detecting which domain a request is from.
Also, how should I setup the site authentication mode? Would I need Windows authentication for domain 1 users, and forms authentication for domain 2 users? I have also not been able to succeed in this, since IIS 7.5 complains that I cannot have both Windows and Forms authentication turned on.
Thanks.
Surely not an answer but due to the length, I am adding it as answer not comment.
AFAIK, IIS 7.5 allows both authentications to be enabled but no through web.config, you have to do it through IIS Management console, furthermore the scenario you described is handled through claims authentication (windows for intranet and forms for extranet) in Sharepoint 2010. I think same approach can be used in ASP.NET application since Sharepoint is also built on top of ASP.NET 3.5. More over you can look into Federated Authentication APIs present in .Net. You can explore the following links Claims Aware ASP.NET Applications and Federated Authentication and Enabling Federated Authentication for ASp.NET in Azure. Hope this helps.
Related
I have 2 Asp.net website in the same ISS7 webserver.
Both site use forms authentication.
When I'm logged in on first web site and I try to login on second web site, I lost authentication on fisrt one.
I need use both site on same browser and now is impossible.
What can I do to solve my problem?
SOLVED
I found solution in this post
Multiple applications using same login database logging each other out
Ensure that both web applications are using the same machineKey values in the web.configs. This is used for encryption/decryption of the forms authentication ticket. There is really good information here: http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=vs.100).aspx
I have a application on iis7 using anonymous authentication. I want to retrieve the LOGON_USER from the server variables. It is currently empty. Microsoft suggests how to populate the values of serer variables in this post.
But that is for iis5 & 6. How to do it in IIS7?
Actual problem I am trying to solve is: the application is for intranet and internet users and is a sitecore application running on iis7. If I use windows authentication, I get the domain and username and I can bypass login for intranet users, but for external users, i need to have anonymous authentication also. Having both together will not populate values in the server variables. Have been going through many posts. Also this which says to use Forms and windows authentication.
Not able to solve it properly.
Any help is appreciated.Thanks!!!
In order to track a user profile, the user will need an ASP.Net profile created.
There is programming involved to associate a Sitecore DMS/OMS visitor profile with an actual Asp.net profile. If you want to continue to track Sitecore user profile, you would have to use the Tracker.Visitor.ExternalUser and not iis to determine the current visitor on the internet site.
I had a site hosted in IIS 7.5 with the Classic pipeline. I had set the authentication for that site so that Windows and Forms authentication were enabled, but anonymous was not. This caused the user to be prompted the first time they came to the site for the Windows authentication. Then it would bring them to the site as normal. This was set up for a review site for our client to be able to exclusively access that site without anyone accidentally stumbling upon it.
I just updated that site and moved it over to the Integrated pipeline. Now, when you first go to the site, it still prompts for the Windows authentication, but then it brings you to the loginUrl specified in the web.config for the forms authentication, which is not what I want.
From what I understand about the 2 pipelines' affects on authentication, I believe it is the issue. Is there any way I can replicate the behavior I was originally getting in Classic mode now that I've switched to Integrated mode?
I need to integrate my sharepoint site and ASP.net site. So, First login will occur in the SharePoint site with Active Directory authentication and from there i need to traverse to ASP.Net site through a link. Now my question is whether its possible to pass my SharePoint Active Directory credentials to ASP.Net site? Will i be able to do this through a query string? Will i be able to navigate to and fro between SharePoint and ASP.Net sites.
The main point here is the user should not enter his credentials twice ( ie.. He should be authenticated automatically while navigating between two sites.)
What are the options available for me?
Do these things possible to achieve? SharePoint will be hosted using Windows SharePoint Services 3.0.
Thanks in advance,
ReplyQuote
Is the ASP.NET site on the same network? If so, then you can use AD (Windows Auth) for authentication on the ASP.NET site just like you're using it on the SharePoint site. You don't need to pass the credentials, and you can't anyway since all you have is an authenticated identity. If you configure the ASP.NET site to require Windows Authentication, you'll be able to get the user's identity from the server variables (AUTH_USER).
See How to: Use Windows Authentication in ASP.NET 2.0
Can you please post a small explanation of the prerequisites of using Windows Authentication?
I know that you have to turn Windows Authentication on from web.config or IIS and define domain.
Does the web server have to be connected to the Active Directory server or not, and how to get user info from Active Directory like name and description?
You don't have to be on a domain. The local server user accounts can be used with windows authentication. If the machine is on a domain, then either AD users OR local users can be used with windows authentication.
The minimum that has to be in place to use windows authentication in asp.net is that IIS has to have Windows Authentication enabled for the web site. IIS can still have other authentications enabled for the site too, even anonymous authentication can be used in conjunction with windows auth... as long as windows authentication is enabled also asp.net can use it.
Otherwise, your question is too broad for a good answer here. Authentication in asp.net is a very big topic; and when you add AD to the mix it gets bigger. I recommend checking out the MSDN documentation, reading through it, experimenting with it, then coming back here with more specific questions.