473,327 Members | 2,016 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,327 software developers and data experts.

ASP security (anonymouse vs integrated) problem...

Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?
Jul 19 '05 #1
2 1782
I think the information you need is here:
http://support.microsoft.com/?id=258063

Cheers
Ken

"Graeme Coutts" <Gr**********@discussions.microsoft.com> wrote in message
news:F7**********************************@microsof t.com...
: Developed a web application which adopts a custom security model which
displays a login page and requests a username/password combination. The
username works in a mixed-mode of usernames matched with the windows login
name and some extra accounts (similar to SQL mixed-mode security). Web
application is executed both in the corporate intranet and externally on the
web.
: Getting user complaints about having to login to the web application when
they have already logged-on to windows. I have coded a challenge/response
(response.status=401) to get a user's window login through the
ServerVariables. This seems to work OK for the intranet access. If the
user's windows account is not located in the application database then I
redirect to the standard login page for the username/password combination.
When the application is executed across the internet through a firewall, the
user is prompted by IE to enter the windows domain, username, and password.
There seems to be no mechanism to avoid this because of the
challenge/response code. I wish that with external access from the internet
that users are automatically directed to the application login screen and
not faced with the IE windows authentication dialog.
: Anyone care to offer a solution?
Jul 19 '05 #2
Unless a user is logged into the domain, they will always get the popup box.
Period.

If they are loggeed in, from outside, the machine can be set up to help you.
Most users home machines are not set up to automagically have the browser
pick up domain account, however. I am not sure what has to be set, as it has
been ages since I have been on the SE side of the world.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
"Graeme Coutts" <Gr**********@discussions.microsoft.com> wrote in message
news:F7**********************************@microsof t.com...
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The
username works in a mixed-mode of usernames matched with the windows login
name and some extra accounts (similar to SQL mixed-mode security). Web
application is executed both in the corporate intranet and externally on the
web. Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response
(response.status=401) to get a user's window login through the
ServerVariables. This seems to work OK for the intranet access. If the
user's windows account is not located in the application database then I
redirect to the standard login page for the username/password combination.
When the application is executed across the internet through a firewall, the
user is prompted by IE to enter the windows domain, username, and password.
There seems to be no mechanism to avoid this because of the
challenge/response code. I wish that with external access from the internet
that users are automatically directed to the application login screen and
not faced with the IE windows authentication dialog. Anyone care to offer a solution?

Jul 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Guy Incognito | last post by:
Hello, I'm having a problem adding integrated security to an asp.net web application. IIS runs on server A and SQL server runs on server B. The folder containing the web application is set to...
3
by: Robb Gilmore | last post by:
Hello, We have a C#.NET app which runs as a windows service. Periodically it needs to post information via the internet to a remote server. For the posting, we are using HttpWebRequest class....
1
by: Tilted | last post by:
Hi I have an application which has been deployed and worked fine on all previous workstations, it is c# based and uses Crystal connecting directly to MSDE using stored procedures and the...
2
by: Phil Townsend | last post by:
I have been attempting to persuade our systems admin staff to allow us to use integrated security by adding the aspnet user to SQL Server. Currently we are forced to use a connection string that...
2
by: Joseph Geretz | last post by:
I'm having a credentialing problem in my web application. Actually, I don't think this is an IIS security issue, since I'm able to access the page I'm requesting. However, the executing page itself...
7
by: Stephen | last post by:
I have my intranet setup on our web server. It contains multiple applications, but none are set up in the default application pools. In other words, I create a webform and plop it into a...
5
by: cdlipfert | last post by:
Our intranet is running under windows integrated security. We have domain users that want to access our intranet site via ssl vpn. SSL VPN can not authenticate against services that run under...
7
by: Henry | last post by:
I am writing a Windows forms VB.Net/MS SQL application via VS 2003 that utilizes Crystal Reports. I want to be able to dynamically set the report data source at run time. I'm trying to change...
0
by: jacorona | last post by:
Hello all, I have found a problem accesing a web service hosted in IIS 5.0 in a W2K box. The web service site is configured to accept both integrated windows authentication and client certificates....
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.