471,071 Members | 8,731 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,071 software developers and data experts.

how to use windows and forma authentication combined

Hi,

I am building a web-application which should be available for intern
and extern users. For intern I would like to use windows authentication
and for extern I have to use forms authentication.

What is the best way to do that, can I have them both on the same
application with same web.config, or do I have to have two applications
on same server. Can I arrange them so that all my aspx files and /bin
is only once copied to server , or I have to copy it twice. One more
important thing web server and users are not in the same domain, but I
hope that sys-admins can establish One-Way trust, so that web server
knows and trusts our user-domain.
Thanks
Almir

Nov 19 '05 #1
1 1117
Go ahead and set up the forms auth, as that is the more time consuming. Test
and make sure you can log in. Then, change the config to windows auth and
make sure a user can log in that way. You now have the app set up for both
environments.

NOTE: The above setup dictates that you have two apps with the same code
base and a different configuration. While you can use both in a single app on
a single server, it can get a bit touchy, as you generally have different
security needs for different types of users. By separating the deployment to
two servers (internal and external), you reduce the likelihood of a security
hole.

Having said that, to allow windows auth on a forms auth requires that IE is
set up to send user credentials rather than attempt an anon login first. If
you detect an account other than anonymous, you issue the forms auth ticket.
Then, there is no need to redirect the user to the login page. The actual
coding can be a pain, however, which is one of the reasons I suggest separate
deployment for internal and external.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"ka*****@gmail.com" wrote:
Hi,

I am building a web-application which should be available for intern
and extern users. For intern I would like to use windows authentication
and for extern I have to use forms authentication.

What is the best way to do that, can I have them both on the same
application with same web.config, or do I have to have two applications
on same server. Can I arrange them so that all my aspx files and /bin
is only once copied to server , or I have to copy it twice. One more
important thing web server and users are not in the same domain, but I
hope that sys-admins can establish One-Way trust, so that web server
knows and trusts our user-domain.
Thanks
Almir

Nov 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

8 posts views Thread by Bob Everland | last post: by
reply views Thread by Chris Mayers | last post: by
2 posts views Thread by Amedee Van Gasse | last post: by
3 posts views Thread by Sudha Pune | last post: by
3 posts views Thread by Ronald S. Cook | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.