I'm looking for feedback on an authentication solution we are
considering for an ASP.NET 2.0 project.
The site will be accessed by both internal users who are logged into
the Windows domain, and external (business partner) users via the
internet.
The internal users are required to be authenticated via Windows Integrated Authentication (WIA), and
external users will be authenticated using a custom solution based on a
signed ticket that will be included as a query parameter in the URL.
We are considering implementing this as follows:
1. In IIS, enable anonymous authentication for all resources in the
site except a page called LogonInternal.a spx, which will be protected
by WIA.
2. On session start, perform the following checks:
a) check if a signed ticket is present in the request. If there is
not, then assume the session is for an internal user, and redirect to
LogonInternal.a spx. The OnLoad handler for this page gets the current
user id via WIA and uses this to complete session initialisation
activities (fetching authorisation information, etc from a database).
LogonInternal.a spx then redirects back to the original URL. (If the
request originated from outside the Windows domain it will be rejected
by WIA.)
b) If a signed ticket IS present in the request, then verify the
signature on the ticket, get the username out of the ticket and
complete session initialisation activities as above. Redirect back to
the current request URL, but with the ticket removed from the query
parameters.
If any of the above checks fail, the current session is invalidated and
an error is returned in the response.
I have prototyped the above and it appears to work fine, but some
concern has been expressed about enabling anonymous authentication
throughout the site (except for LogonInternal.a spx).
Can anyone recommend any alternatives that don't require the use of
anonymous authentication? Perhaps using Forms authentication? (If
forms authentication is used as an alternative to anonymous
authentication, it would still have to let internal users be
authenticated via WIA and external users via the ticket mechanism.)
Thanks in advance ...
Steve
0  1249  Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Michael Foord |
last post by:
#!/usr/bin/python -u
# 15-09-04
# v1.0.0
# auth_example.py
# A simple script manually demonstrating basic authentication.
# Copyright Michael Foord
# Free to use, modify and relicense.
# No warranty express or implied for the accuracy, fitness to purpose
|
by: Barry |
last post by:
The MS fix for IE broke how users access our site (if they patch their
browsers), so I need a solution to get users logged onto our site
transparently.
Basically we used to log on to the site by:
http://username:pwd@www.mysite.com/main/ which uses basic auth, but now that
doesn't work. I would like to find a way where I can still use basic auth
and tell the people hitting our site to modify their url to:...
|
by: Buddy Ackerman |
last post by:
If my web site is setup for NTLM authentication and the user is using IE the context.user.identity.name property is the
domain user that is currently logged into the local client workstation. Wehen the user is using FireFox the user is
presented with a login dialog box and that login info is validated against the web servers local user name list and not
the doamin username list. How do I get it to authenticate to the domain when using...
|
by: Samba |
last post by:
Hi,
I've a web application and I'm using Forms authentication. My app contains
some pages that can be viewed by everyone and it doesn't require any
authentication or authoization and these pages mostly come at the start of
the application. After a couple of such 'general' pages, the login screen
comes. How do tackle this situation? Advance thanks for throwing any light on
this
--
|
by: mircu |
last post by:
Hi,
I noticed weird behaviour with the site that is using forms
authentication. I am logged to the site from the same machine from two
browsers (opened separately, not ctrl-N) as different users so two
sessions are created. Then from the one window I logoff but I'm
automatically logouted also from the other browser window. Why?
It is strange that it is working OK if I'm doing it on the same machine
where the web server is located.
| | |
by: code |
last post by:
Hi,
I have stumbled across an interesting problem regarding forms
authentication over multiple sub domains. The topic has been covered in
various forms online but never really gets a definitive answer as to
why it happens.
I have two separate web apps sat on different sub domains of the same
company realm. eg:
|
by: Buddy Ackerman |
last post by:
My app is a .NET forms app that runs in the taskbar and periodically polls a web service. I have a client that wants
the app to integrate with their Active Directory. They do not want the user to have to provide the username and
password to login to the application/web service. I need to be able to send the users authenticated security token to
the web service. I have looked at the UserNameToken class of the WSE 2.0 Security.Tokens...
|
by: Steve |
last post by:
I'm looking for feedback on an authentication solution we are
considering for an ASP.NET 2.0 project.
The site will be accessed by both internal users who are logged into
the Windows domain, and external (business partner) users via the
internet.
The internal users are required to be authenticated via WIA, and
external users will be authenticated using a custom solution based on a
signed ticket that will be included as a query...
|
by: =?Utf-8?B?RmFyaWJh?= |
last post by:
It know that we can use the following method
http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx
to form authenticate across multiple applications.
I have created an asp.net application that supports form authentication. My
application is going to be called by another legacy application (HTML) which
does the initial authentication.Something like this:
<form name="form1" action="auth.asp" method="post" >
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
