pass credentials to site with Windows Authentication

I know there have been some similar posts, but I cannot determine if this is truly impossible, or just difficult.

We have a site that uses Windows Integrated Authentication, and so it pops up the windows dialog to get credentials before allowing access to the site. there is no Anonymous access on this site.

Is there any way to create a logon page on another site, and then after capturing and verifying the credentials (i'm able to do this with API calls to advapi32.dll), pass these credentials to IIS so that the user is not prompted again.

I know that once I'm prompted, as long as I don't kill the IEXPLORE.exe session, I can start new windows without being prompted (ie. with links that have target="_blank"), but once I close the initial browser, I'm prompted again.

Can I cache the credentials somehow, or can I open a new windows using a RunAs? I cannot believe this isn't possible.

The problem is that I cannot use Forms authentication becuase the web application is purchased and I don't have access all the code. The application is Altiris Helpdesk, if that helps anyone.

Thanks for any help someone can provide.

Craig

re: pass credentials to site with Windows Authentication

Sounds like you are trying to achieve single sign on. This is usually taken as a moot point with NT Authority (windows). So here is an article that may help:
ASP.NET 2.0: Implementing Single Sign On (SSO) with Membership API

re: pass credentials to site with Windows Authentication

This seems to discuss asolution, but I'm not sure it will work in our situation.

As I said, we are using Windows Integrated Authentication, but our problem arises by the fact that we log into the website application with different AD credentials than we use for our desktop logon. Therefore, we are prompted for our credentials each time.

The other problem is that we don't have access to the part of the application that controls security. This is a purchased application and we can only modify certain aspects of it. I believe the security code is embedded in DLLs that I cannot change.

Therefore, the only way I can think to get around this is to do with a page what the Windows popup is doing - i.e. prompt for, validate and cache credentials. I'm able to validate the credentials using the API I mentioned before, so I just need to know how to 1) cache them for the session, or 2) pass them to the application (or IIS).

The only reasons for wanting to do this are to 1) avoid the user having to type DOMAIN\USERID in a popup (when most people don't know their domain), as well as 2) brand the logon page a little more.

I guess I'm looking for ways to pass this information during a redirect so that its not prompted in a Windows Authenticated environment.

re: pass credentials to site with Windows Authentication

Usually Windows Authentication is used for Intranet applications.

In this case you should consider looking at reconfiguring your network so that only one AD is used instead of 2.

-Frinny

re: pass credentials to site with Windows Authentication

The problem is that we are migrating to a Single Sign On environment, and creating a new AD to support it. Users across the campus are on different ADs, but will eventually be using the one.

In the interim, I need to solve the problem where a user is logged into a machine on one AD, but the application uses credentials in another AD.

re: pass credentials to site with Windows Authentication

I think you're going to have to look into impersonating the user.
Check out this article on How to use windows authentication for more details.

There are a bunch of articles there on how to implement authentication/authorization.

-Frinny