468,290 Members | 1,906 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,290 developers. It's quick & easy.

how to use windows and forma authentication combined

Hi,

I am building a web-application which should be available for intern
and extern users. For intern I would like to use windows authentication
and for extern I have to use forms authentication.

What is the best way to do that, can I have them both on the same
application with same web.config, or do I have to have two applications
on same server. Can I arrange them so that all my aspx files and /bin
is only once copied to server , or I have to copy it twice. One more
important thing web server and users are not in the same domain, but I
hope that sys-admins can establish One-Way trust, so that web server
knows and trusts our user-domain.
Thanks
Almir

Nov 19 '05 #1
1 1061
Go ahead and set up the forms auth, as that is the more time consuming. Test
and make sure you can log in. Then, change the config to windows auth and
make sure a user can log in that way. You now have the app set up for both
environments.

NOTE: The above setup dictates that you have two apps with the same code
base and a different configuration. While you can use both in a single app on
a single server, it can get a bit touchy, as you generally have different
security needs for different types of users. By separating the deployment to
two servers (internal and external), you reduce the likelihood of a security
hole.

Having said that, to allow windows auth on a forms auth requires that IE is
set up to send user credentials rather than attempt an anon login first. If
you detect an account other than anonymous, you issue the forms auth ticket.
Then, there is no need to redirect the user to the login page. The actual
coding can be a pain, however, which is one of the reasons I suggest separate
deployment for internal and external.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"ka*****@gmail.com" wrote:
Hi,

I am building a web-application which should be available for intern
and extern users. For intern I would like to use windows authentication
and for extern I have to use forms authentication.

What is the best way to do that, can I have them both on the same
application with same web.config, or do I have to have two applications
on same server. Can I arrange them so that all my aspx files and /bin
is only once copied to server , or I have to copy it twice. One more
important thing web server and users are not in the same domain, but I
hope that sys-admins can establish One-Way trust, so that web server
knows and trusts our user-domain.
Thanks
Almir

Nov 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

8 posts views Thread by Bob Everland | last post: by
reply views Thread by Chris Mayers | last post: by
2 posts views Thread by Amedee Van Gasse | last post: by
3 posts views Thread by Sudha Pune | last post: by
3 posts views Thread by Ronald S. Cook | last post: by
reply views Thread by NPC403 | last post: by
2 posts views Thread by MrBee | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.