Re: Urgent - need help with logging anonymous and Active Dir users without login form



Hi Brad



Thanks for the tip!



I have tried your solution and I could not make it work, but combining my old
solution with yours actually worked. My solution is based on Windows
authentication with an anonymous user. The only thing I was missing was how to
tell whether the user is coming from the intranet or from the extranet, so the
DNS part of your code was the missing link ;-) (One caveat for anyone reusing
this: a reverse-DNS lookup of the client address is only a heuristic. The PTR
record is controlled by whoever owns the client's address space, and the address
IIS sees may be a proxy or NAT device, so this check should decide which
authentication path to try, never what the user is allowed to access.)



If you (or anyone else) are interested in the complete solution, I can post it
here or send it to you by email. Below is only a brief description.



Best regards,

PV



Solution in brief; not yet completed, optimized or commented.

----------------------------------------------



IIS settings:



Anonymous access: turned ON

Account used for anonymous access: DOMAIN\iisauth (a new, low-privilege domain
account whose only purpose is to serve as the anonymous identity)

Password: of course password of the 'iisauth' user

Allow IIS to control password: turned OFF

Integrated Windows authentication: ON





WEB Config:



<configuration>



<appSettings>

<add key="DOMAIN_NAME" value="DOMAIN" />

<add key="ANONYMOUS_IISAuth" value="iisauth"/>

</appSettings>

....

<system.web>

..

<identity impersonate="true" />

<authentication mode="Windows"/>



<authorization>

<deny users ="?" />

<allow users ="*" />

</authorization>

..



Global.asax.cs:



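// Windows domain of the anonymous IIS account (appSettings key "DOMAIN_NAME").
private string DOMAIN_NAME =
    System.Configuration.ConfigurationSettings.AppSettings["DOMAIN_NAME"];

// Account name IIS uses for anonymous access (appSettings key "ANONYMOUS_IISAuth").
// NOTE(review): the field name does not match the setting key; kept unchanged
// because the rest of this class references it by this name.
private string ANONYMOUS_IISSpirelloAuth =
    System.Configuration.ConfigurationSettings.AppSettings["ANONYMOUS_IISAuth"];

// Ticket minted by SetAuthCookie and read back by SetCurrentAuthUser in the same
// request. NOTE(review): this is instance state on the application object, so it is
// only safe as long as those two calls happen within one request -- confirm.
// (Stray '.' after the ';' in the original listing removed.)
private FormsAuthenticationTicket _authTicket;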

..

/// <summary>
/// Global.asax AuthenticateRequest handler. Delegates to <see cref="SetCurrentAuthUser"/>,
/// which decides how to populate <c>Context.User</c> for requests that IIS let through
/// as the anonymous account.
/// </summary>
/// <param name="sender">The application raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    this.SetCurrentAuthUser();
}

..

..



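/// <summary>
/// Establishes <c>Context.User</c> for requests that IIS did not authenticate, i.e.
/// requests running under the anonymous account.
/// </summary>
/// <remarks>
/// Flow as implemented:
/// <list type="bullet">
/// <item>Request already authenticated (Integrated Windows authentication): nothing to do.</item>
/// <item>Forms cookie present: decrypt it and build a principal from the ticket name.
/// The cookie is only ever minted by <see cref="SetAuthCookie"/> with the anonymous
/// account name, so this principal represents "anonymous", not a real user.</item>
/// <item>No cookie and the thread runs as DOMAIN\iisauth: mint the anonymous cookie, then
/// use reverse DNS of the client address to guess whether the client is an intranet
/// machine. Extranet clients get the anonymous principal right away; intranet clients are
/// left unauthenticated so that &lt;deny users="?"/&gt; in web.config yields a 401 and the
/// browser can answer the Integrated Windows authentication challenge on its retry.</item>
/// </list>
/// SECURITY NOTE (review): the reverse-DNS test is a routing heuristic, not a trust
/// boundary. The PTR record for a client address is set by whoever controls that address
/// space, Request.UserHostAddress may be the address of a proxy/NAT device rather than the
/// client, and the substring match below accepts any hostname that merely contains one of
/// the mask strings. Misclassification only changes which path is taken (anonymous
/// principal vs. IWA challenge); authorization must never depend on this result.
/// </remarks>
private void SetCurrentAuthUser() // set user from cookie
{
    // IIS already authenticated this request; leave its Windows principal alone.
    if (User.Identity.IsAuthenticated)
    {
        return;
    }

    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];

    if (authCookie != null)
    {
        FormsAuthenticationTicket authTicket = null;

        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            // Tampered or foreign cookie: ignore it, leave the request unauthenticated.
            return;
        }

        // Decrypt() hands back expired tickets too; enforce the lifetime stamped on the
        // ticket instead of trusting a captured cookie indefinitely.
        if (authTicket == null || authTicket.Expired)
        {
            return;
        }

        SetContextUser(authTicket);
        return;
    }

    // No cookie. Only act when the request really runs as the anonymous account; any
    // other identity means IIS authenticated the caller some other way.
    string anonymousAccount = DOMAIN_NAME + "\\" + ANONYMOUS_IISSpirelloAuth;
    if (WindowsIdentity.GetCurrent().Name != anonymousAccount)
    {
        return;
    }

    // NOTE(review): the cookie is minted before the intranet test, so an intranet client
    // whose IWA retry fails will be served as anonymous on its next request.
    SetAuthCookie(anonymousAccount);

    bool isDomainUser = false;

    // Heuristic: does the client's reverse-DNS name look like one of our networks?
    // See the SECURITY NOTE in the summary -- spoofable and proxy-sensitive.
    try
    {
        System.Net.IPAddress clientIPAddress =
            System.Net.IPAddress.Parse(Request.UserHostAddress);

        string dnsName = System.Net.Dns.GetHostByAddress(clientIPAddress).HostName;

        // One entry per domain our users may come from; with a single domain this loop
        // collapses to one IndexOf. Placeholder values -- adjust per deployment.
        string[] mask = new string[] { "localhost", "DOMAIN", "domain" };

        foreach (string dnsMask in mask)
        {
            // Substring match (case-sensitive): over-broad, "mydomain.example.org" matches too.
            if (dnsName.IndexOf(dnsMask) >= 0)
            {
                isDomainUser = true;
                break;
            }
        }
    }
    catch (Exception)
    {
        // Best effort by design: an unparsable address or a missing/slow reverse-DNS
        // entry means "not intranet", i.e. the client is served as anonymous rather
        // than challenged.
    }

    if (!isDomainUser)
    {
        SetContextUser(_authTicket);
    }
}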







/// <summary>
/// Installs on <c>Context.User</c> a <see cref="GenericPrincipal"/> built from the name
/// carried in <paramref name="authTicket"/>.
/// </summary>
/// <param name="authTicket">Decrypted forms ticket; only its <c>Name</c> is read.
/// Callers are expected to have null-checked it.</param>
/// <remarks>
/// The identity's authentication type is the literal "LdapAuthentication" and the role
/// list is the single fixed role "everyone". The ticket's UserData (which
/// <see cref="SetAuthCookie"/> fills with the user name and labels "group actually") is not
/// consulted here. NOTE(review): if roles are meant to come from the ticket, this is the
/// place that would have to read <c>authTicket.UserData</c>.
/// </remarks>
private void SetContextUser(FormsAuthenticationTicket authTicket)
{
    const string authenticationType = "LdapAuthentication";
    string[] roles = { "everyone" };

    GenericIdentity identity = new GenericIdentity(authTicket.Name, authenticationType);

    Context.User = new GenericPrincipal(identity, roles);
}







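/// <summary>
/// Creates a one-hour, non-persistent forms ticket for <paramref name="userName"/>,
/// remembers it in <c>_authTicket</c> for the current request, and appends the encrypted
/// ticket to the response as the forms-authentication cookie.
/// </summary>
/// <param name="userName">Account name placed in the ticket. In this application the
/// caller always passes the DOMAIN\iisauth anonymous account.</param>
/// <remarks>
/// Hardening over the first draft: the cookie is scoped to
/// <see cref="FormsAuthentication.FormsCookiePath"/> instead of the default path, and it is
/// flagged <c>Secure</c> whenever the request arrived over HTTPS, so the ticket is not
/// echoed back over plain HTTP. <c>Request.IsSecureConnection</c> is used rather than an
/// unconditional <c>true</c> so an HTTP-only deployment keeps working.
/// DateTime.Now is kept on purpose: the ticket's issue/expiry times are local-time by
/// convention -- do not switch to UtcNow without checking that <c>Expired</c> still behaves.
/// </remarks>
private void SetAuthCookie(string userName) // bind auth cookie
{
    DateTime issued = DateTime.Now;

    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                      // version
        userName,
        issued,
        issued.AddMinutes(60),  // 60-minute lifetime
        false,                  // not persistent: session cookie only
        userName);              // UserData -- "group actually" per the original author;
                                // NOTE(review): nothing in this class reads it back.

    // Kept for SetCurrentAuthUser, which builds the principal from this ticket within the
    // same request when the client is classified as extranet.
    _authTicket = authTicket;

    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authCookie.Path = FormsAuthentication.FormsCookiePath;
    authCookie.Secure = Request.IsSecureConnection;

    Response.Cookies.Add(authCookie);
}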


.