Re: supporting multiple authentication methods

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: bb (bb.a_at_t.osix.net)
Date: 03/16/04 

Date: Tue, 16 Mar 2004 15:59:46 +0000

bb wrote:

hmm i was banking on server.transfer working (i did think i had tested it)

the reason i was assuming i would require a server.transfer, is that i
wanted to put some information in the Context. which when received by
the page in the Forms Auth application knows that the call to the page
must have occured from the server, (not frigged by a user). I understood
i cannot do this from a redirect?

if i use a redirect, will i not need to use some other method of
ensuring the request is absolutely valid? like using a database table to
store some kind of guid for the authenticated user, and testing it in
the forms page? i just was hoping to avoid having to do something like that.

db

bruce barker wrote:
> seems ok, other than you can not server transfer between apps, you must use
> a redirect.
>
> -- bruce (sqlwork.com)
>
>
> "bb" <bb.a@t.osix.net> wrote in message
> news:#Eba57qCEHA.2908@TK2MSFTNGP09.phx.gbl...
>
>>i have a requirement to support forms and windows integrated
>>authentication, for an application.
>>
>>i was going to use two nested web configs with differnet authentication
>>modes, which both end up assigning you a forms ticket (upon correct
>>login) and redircting you into the main app
>>
>>however i understand you cannot have mixed authentication types for one
>>application.
>>
>>instead im about to have two separate web apps, one windows one forms.
>>the windows one (on successful login) server.transfers you to the other
>>application (after setting some information in the context) the other
>>app then receives this instruction and sets your forms ticket.
>>
>>this seems like my best solution, but is this really the way i should be
>>tackling this problem?
>>
>>db
>>
>
>
>

Relevant Pages

  • Re: Passing form credentials to windows security
    ... I am also having troubles getting customauth to redirect to a specified logon ... However, the custom scheme you describe (try Windows first and if it fails, ... the standardized browsers and the authentication protocols just don't ... You can configure two websites, one Intranet that is Windows only, the other ...
    (microsoft.public.inetserver.iis.security)
  • Re: Authentication
    ... The wrapper app has to use form authentication (can NOT use windows ... My existing apps require to use windows authentication (this is just the ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows 2000 Server SP4 ASP.NET 1.1/2.0
    ... Use the Windows 2000 box to host ... the apps and then redirect them to the Windows 2003 box. ... > In IIS, if I redirect to another server running Windows 2003 Server, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows 2000 Server SP4 ASP.NET 1.1/2.0
    ... Use the Windows 2000 box to host ... the apps and then redirect them to the Windows 2003 box. ... > In IIS, if I redirect to another server running Windows 2003 Server, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows authentication in code
    ... Typically, when you do authentication in code like this, you do it as part ... Why not just use Windows auth? ... may be that impersonation is not the way to go. ... you may redirect him to a windows ...
    (microsoft.public.dotnet.framework.aspnet.security)