Forms and integrated authentication combined

From: Jason (jason_at_solid.freeserve.co.uk)
Date: 03/09/04 

Date: Tue, 9 Mar 2004 23:19:01 -0000

I know how to use both Forms and Integrated Windows authentication. However,
both of them have a critical problem, namely :-

Windows authentication is very touchy when going through firewalls and some
user settings on the client end can completely screw up NT authentication
altogether. Works very well when it works, a royal pain when it doesn't.
Also, while 98% of our users are on a domain, there is a requirement for odd
users to be able to connect it without being a domain user.

Forms authentication suffers from the problem that users will inevitably use
the same password as their NT account, meaning passwords would be stored in
a less secure database. I could authenticate on the domain each time they
log in, but then the login.aspx page could be hacked to siphon off these
passwords.

What I am trying to get is a combination of the two, so that NT
authentication will try first and if this doesn't work, then Forms
authentication takes over.

I could achieve this if there a way, within the login.aspx page to find out
the logged on NT user. But NT authentication seems to be all or nothing. If
they don't pass authentication, then it will not allow them to view the
page.

Basically, I want to leave "Anonymous access" and "Integrated Windows
Authentication" both switched on, but for "Integrated Windows
Authentication" to be used in the first instance. Currently if "Anonymous
access" is selected, then that is what is used.

Is what I am trying to achieve possible

Jason.

Relevant Pages

  • Re: IIS 6 Integrated Security....risks??
    ... Integrated Windows Authentication does not secure your server, ... Windows already stores usernames and passwords securely. ... you need a single authentication store - something like Active ...
    (microsoft.public.inetserver.iis.security)
  • Re: Windows Authentication problem with IIS6 (Win2k3)
    ... Authentication Protocol is Integrated ... Jeff - Thank you SOOOOO much - your suggestion to check out the IIS ... regardless of the IE setting regarding Enabling Integrated Windows ... >>I believe the problem to be something related to the Kerberos technology, ...
    (microsoft.public.inetserver.iis)
  • Re: Windows Authentication problem with IIS6 (Win2k3)
    ... Authentication Protocol is Integrated ... Jeff - Thank you SOOOOO much - your suggestion to check out the IIS ... regardless of the IE setting regarding Enabling Integrated Windows ... >>I believe the problem to be something related to the Kerberos technology, ...
    (microsoft.public.inetserver.iis.security)
  • Re: All advice welcome!
    ... security settings all started working as normal. ... enabling basic authentication seems to have solved ... > using the integrated Windows method when they are on the same workgroup ... > account set up is the same across both of the XP machines and they are ...
    (microsoft.public.inetserver.iis.security)
  • Re: All advice welcome!
    ... enabling basic authentication seems to have solved ... I am a little confused as to why my existing two workstations appear to work ... the integrated windows option to work. ... Since this is a workgroup environment, there is no centralized account ...
    (microsoft.public.inetserver.iis.security)