Sharing Windows Authentication between SharePoint and ASP.Net Web Application - asp.net

We have a SharePoint web application that uses Windows Authentication e.g. extranet.test.com.
We also have an ASP.NET web application that uses Windows Authentication, e.g. webapp.test.com.
However, when navigating between the two applications, users must authenticate a second time. Is there a way to prevent this?
I have searched the web but have been unable to find a suitable answer. I have seen many examples using Forms Based Authentication but this is not a viable option since we are using the Active Directory.
Thanks in advance.

What is the authentication scheme you are using: NTLM or Kerberos?
If you are using Kerberos, you can simply enable credential delegation between two applications.
If you are using NTLM, the only solution is to put them in the Intranet zone. You can enforce it using Domain policy. Note that this will work only if the users are logged on to the domain.

Related

Asp.net site lost authentication when login in other site on same server

I have 2 ASP.NET websites on the same IIS7 web server.
Both sites use forms authentication.
When I'm logged in on the first website and I try to log in on the second website, I lose authentication on the first one.
I need to use both sites in the same browser, and right now that is impossible.
What can I do to solve my problem?
SOLVED
I found the solution in this post: Multiple applications using same login database logging each other out
Ensure that both web applications are using the same machineKey values in the web.configs. This is used for encryption/decryption of the forms authentication ticket. There is really good information here: http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=vs.100).aspx
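Generating the shared keys for that fix, as an added example that is not code from the post or the linked article: with the default auto-generated, per-application keys, a ticket issued by one site fails validation on the other. It assumes .NET 4 or later (for `HMACSHA256`); the class name is hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Added example: builds one <machineKey> element to paste, unchanged, into
// <system.web> of BOTH applications that must accept each other's forms
// authentication tickets. Treat the output as a secret.
public static class MachineKeyGenerator   // hypothetical name
{
    // Returns byteCount cryptographically random bytes as upper-case hex.
    private static string RandomHex(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return BitConverter.ToString(bytes).Replace("-", string.Empty);
    }

    public static string BuildElement()
    {
        // 64 bytes (128 hex characters) for the HMACSHA256 validation key,
        // 32 bytes (64 hex characters) for the AES decryption key.
        string validationKey = RandomHex(64);
        string decryptionKey = RandomHex(32);

        return string.Format(
            "<machineKey validation=\"HMACSHA256\" validationKey=\"{0}\"\n" +
            "            decryption=\"AES\" decryptionKey=\"{1}\" />",
            validationKey, decryptionKey);
    }

    public static void Main()
    {
        Console.WriteLine("<!-- inside <system.web>, identical in both sites -->");
        Console.WriteLine(BuildElement());
    }
}
```

Generate the element once and deploy the same value to every application and server that shares the login; regenerating it invalidates all outstanding tickets.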

ASP.NET Forms and Windows Authentication for Different Domains

I have the following requirement: if a user in domain 2 goes into an ASP.NET site that is in domain 1, then the site should display a customised login form to validate the user. But if a user from domain 1 surfs to the same ASP.NET site (on domain 1), then Windows authentication (using Active Directory) takes place, so the user should go straight through to the site content without seeing the login form.
How would I go about doing that?
Would I first need to detect the request domains? I have tried HttpContext.Current.Request in Page_Load() but have not yet been successful in detecting which domain a request is from.
Also, how should I set up the site authentication mode? Would I need Windows authentication for domain 1 users, and forms authentication for domain 2 users? I have also not been able to succeed in this, since IIS 7.5 complains that I cannot have both Windows and Forms authentication turned on.
Thanks.
Surely not an answer, but due to the length, I am adding it as an answer, not a comment.
AFAIK, IIS 7.5 allows both authentications to be enabled, but not through web.config; you have to do it through the IIS Management console. Furthermore, the scenario you described is handled through claims authentication (Windows for intranet and forms for extranet) in SharePoint 2010. I think the same approach can be used in an ASP.NET application, since SharePoint is also built on top of ASP.NET 3.5. Moreover, you can look into the Federated Authentication APIs present in .NET. You can explore the following links: Claims Aware ASP.NET Applications and Federated Authentication, and Enabling Federated Authentication for ASP.NET in Azure. Hope this helps.

Share ASP.Net web application authentication with another web sites

I have a large ASP.NET web application that will have a large number of users, and I want to make this site accessible from other sites by taking the credentials used to authenticate to other sites on other domains. To make the idea easy to understand: it is like this site, which we can access using a Yahoo, Google or Facebook account.
My web application uses forms authentication.
Any idea how to do this?
Thanks all.
I have tried to find the links which might help you in your course to support multi-website authentication:
Facebook Authentication
Google Authentication
OpenId
If you use the passport authentication provider instead of the forms provider on your web site this would enable authentication across domains that support this. This works if you can implement this across your domains or you're using existing sites that already support this.

Is it possible to have both Forms Authentication and Windows Authentication in an ASP.NET site?

I have a site where the vast majority of the content will be secured using Forms Authentication. However there is one sub folder that will be used internally by the administrative staff. I would like to secure this folder using Windows Authentication. Is that possible? Would I have to make the admin folder a virtual directory?
CLARIFICATION: There is no need for the administrative staff to access the main site. They are really two separate sites/apps. Regular users will access the main application via Forms Authentication (and never access the admin folder). And admin users will access the admin application via Windows Authentication (and never access the main site).
Thanks,
Corey
Yes, it's possible but you have to build a custom membership provider or an interface to allow for it. It is not possible to specify individual authentication methods on sub-folders unless they are in completely separate projects/application domains.
One method to accomplish this would be to use an LDAP membership provider and change the ldap connection based on the username (if there is a discernible method of doing this).
One other method would be to provide a separate website that uses the Windows authentication to perform the login and then constructs a custom cookie for the user and transfers them back to the original website identifying the individual as a member of the administrative staff.
Then the folder could be secured using the <location> elements in the web.config.
If I was going to build a site with mixed authentication, I would set up the site to use webforms. I would then set up a virtual application inside of this application that consisted of the same forms auth web.config information but set to use Windows Auth.
On the login page of the Windows auth site, after you validate their credentials, I would then manually call FormsAuthentication to create the auth token. At this point you can then redirect the user to the Forms Auth site and they should be logged in (as long as all the forms auth cookie information is the same for both sites; this might also include needing to set up the same machine keys for both applications).
I haven't done this specifically, but this should definitely be a viable (and probably one of the most optimal) solution.
It may be as simple as right-clicking on the admin folder in Windows Explorer and setting the rights in the Security tab.
Put the administration site in its own application by right-clicking on the folder in IIS Manager and choosing Convert to Application.
Once that's done you can adjust the authentication method on the application by highlighting the application folder in IIS manager and then choosing authentication and adjusting them (or you can do it the hard way via web.config if you can't remote into the machine).
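The hand-off described in the answers above (a login page in the Windows-authenticated application that calls FormsAuthentication and then redirects to the forms site), shown as an added example that is not code from any of the posters. The class name, the `EXAMPLE\SiteAdmins` group and the `/` landing URL are assumptions, and both applications are assumed to share the forms cookie settings and machineKey.

```csharp
using System;
using System.Security.Principal;
using System.Web.Security;
using System.Web.UI;

// Added example: code-behind for a login page inside the virtual application
// that IIS protects with Windows Authentication. Names are hypothetical.
public partial class WinLogin : Page
{
    private const string AdminGroup = @"EXAMPLE\SiteAdmins"; // hypothetical AD group
    private const string DefaultUrl = "/";                    // hypothetical landing URL

    protected void Page_Load(object sender, EventArgs e)
    {
        // IIS has already run Windows authentication; refuse anything that
        // is not an authenticated, non-anonymous Windows identity.
        var identity = User.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
        {
            Response.StatusCode = 401;
            Response.End();
            return;
        }

        // Authorize before issuing a ticket: the forms site trusts the cookie.
        if (!User.IsInRole(AdminGroup))
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        // Session-only forms ticket (no persistent cookie) for the forms site.
        FormsAuthentication.SetAuthCookie(identity.Name, false);
        Response.Redirect(SafeLocalUrl(Request.QueryString["ReturnUrl"]), false);
    }

    // Accept only site-relative paths so this page cannot be used to send
    // a freshly authenticated user to another host.
    private static string SafeLocalUrl(string url)
    {
        bool local = !string.IsNullOrEmpty(url)
            && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
        return local ? url : DefaultUrl;
    }
}
```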

ASP.NET Windows Authentication

Can you please post a small explanation of the prerequisites of using Windows Authentication?
I know that you have to turn Windows Authentication on from web.config or IIS and define domain.
Does the web server have to be connected to the Active Directory server or not, and how to get user info from Active Directory like name and description?
You don't have to be on a domain. The local server user accounts can be used with windows authentication. If the machine is on a domain, then either AD users OR local users can be used with windows authentication.
The minimum that has to be in place to use windows authentication in asp.net is that IIS has to have Windows Authentication enabled for the web site. IIS can still have other authentications enabled for the site too, even anonymous authentication can be used in conjunction with windows auth... as long as windows authentication is enabled also asp.net can use it.
Otherwise, your question is too broad for a good answer here. Authentication in asp.net is a very big topic; and when you add AD to the mix it gets bigger. I recommend checking out the MSDN documentation, reading through it, experimenting with it, then coming back here with more specific questions.
