By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,709 Members | 2,116 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,709 IT Pros & Developers. It's quick & easy.

WIndows vs Form authentification ????

P: n/a
Dear all,

I clearly underdand the advantage of both type of authentification but is it
allowed or possible to set the Authentication mode to Windows and then handle
a login form for defined users in Credential section like as follow :

<authentication mode="Windows" >
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="Jessee" password="JuneBug"/>
<user name="Linda" password="Liste"/>
<user name="Cal" password="Cal"/>
</credentials>
</forms>
</authentication>

This could happen for instance that if the client browser windows current
user is not corresponding to the Server autorized user on which the web pages
are installed, at that time a login window will occurs for user name and
password
but I still want to handle a login page.

Does that is possible ?

regards
serge
Nov 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
So what is advantage of this type of 'authentification'?

Elton Wang

"serge calderara" wrote:
Dear all,

I clearly underdand the advantage of both type of authentification but is it
allowed or possible to set the Authentication mode to Windows and then handle
a login form for defined users in Credential section like as follow :

<authentication mode="Windows" >
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="Jessee" password="JuneBug"/>
<user name="Linda" password="Liste"/>
<user name="Cal" password="Cal"/>
</credentials>
</forms>
</authentication>

This could happen for instance that if the client browser windows current
user is not corresponding to the Server autorized user on which the web pages
are installed, at that time a login window will occurs for user name and
password
but I still want to handle a login page.

Does that is possible ?

regards
serge

Nov 19 '05 #2

P: n/a
Authentication and Authorization are different things (but rellated
closely). When <authentication mode="Windows">, that means as long as a user
is using a computer on the network with his user account, the ASP.NET app
will accept his identity without asking extra username/password and doing
its' own authentication. That mean the ASP.NET app agrees any user on this
network is who he claims. However, even the user IS realy who he is
(authenticated), he may or may not have the permission to access some
pages/resources: authorization play s the role here.

In your case, what you need is not another pair of username/password, you
need to authorize different user (or user group) to different
pages(resources). You do it in <authorization /> part, not <authentication
/> part in web.config. You may alos look into <identity impersonate... />
tag in <authentication /> part. If impersonate="true", that means all
authenticated users will be treated (impersonated) as a specific user
(account), that will make your authorization task easier.

"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:D8**********************************@microsof t.com...
Dear all,

I clearly underdand the advantage of both type of authentification but is
it
allowed or possible to set the Authentication mode to Windows and then
handle
a login form for defined users in Credential section like as follow :

<authentication mode="Windows" >
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="Jessee" password="JuneBug"/>
<user name="Linda" password="Liste"/>
<user name="Cal" password="Cal"/>
</credentials>
</forms>
</authentication>

This could happen for instance that if the client browser windows current
user is not corresponding to the Server autorized user on which the web
pages
are installed, at that time a login window will occurs for user name and
password
but I still want to handle a login page.

Does that is possible ?

regards
serge

Nov 19 '05 #3

P: n/a
Thanks for your reply norman.
I was asking that because I have a strange problem.
I have a web project that I have installed in a Wondows 2000 pro SP4
workstation connected to network. I can acess without any trouble and the
initial web page gets display normally.

Then I copy the same folder on a server 2003 and configured IIS to point to
this folder. Then when I try to access to that web, I get error that page is
not found but is it really there.

Is it a matter of authentication ? in order to be sure I connect to the
server with administarot account from a client PC but no luck.

Why the page cannot be displayed ?

"Norman Yuan" wrote:
Authentication and Authorization are different things (but rellated
closely). When <authentication mode="Windows">, that means as long as a user
is using a computer on the network with his user account, the ASP.NET app
will accept his identity without asking extra username/password and doing
its' own authentication. That mean the ASP.NET app agrees any user on this
network is who he claims. However, even the user IS realy who he is
(authenticated), he may or may not have the permission to access some
pages/resources: authorization play s the role here.

In your case, what you need is not another pair of username/password, you
need to authorize different user (or user group) to different
pages(resources). You do it in <authorization /> part, not <authentication
/> part in web.config. You may alos look into <identity impersonate... />
tag in <authentication /> part. If impersonate="true", that means all
authenticated users will be treated (impersonated) as a specific user
(account), that will make your authorization task easier.

"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:D8**********************************@microsof t.com...
Dear all,

I clearly underdand the advantage of both type of authentification but is
it
allowed or possible to set the Authentication mode to Windows and then
handle
a login form for defined users in Credential section like as follow :

<authentication mode="Windows" >
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="Jessee" password="JuneBug"/>
<user name="Linda" password="Liste"/>
<user name="Cal" password="Cal"/>
</credentials>
</forms>
</authentication>

This could happen for instance that if the client browser windows current
user is not corresponding to the Server autorized user on which the web
pages
are installed, at that time a login window will occurs for user name and
password
but I still want to handle a login page.

Does that is possible ?

regards
serge


Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.