Authentication and Authorization are different things (but rellated
closely). When <authentication mode="Windows">, that means as long as a user
is using a computer on the network with his user account, the ASP.NET app
will accept his identity without asking extra username/password and doing
its' own authentication. That mean the ASP.NET app agrees any user on this
network is who he claims. However, even the user IS realy who he is
(authenticated), he may or may not have the permission to access some
pages/resources: authorization play s the role here.
In your case, what you need is not another pair of username/password, you
need to authorize different user (or user group) to different
pages(resources). You do it in <authorization /> part, not <authentication
/> part in web.config. You may alos look into <identity impersonate... />
tag in <authentication /> part. If impersonate="true", that means all
authenticated users will be treated (impersonated) as a specific user
(account), that will make your authorization task easier.
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:D8**********************************@microsof t.com...
Dear all,
I clearly underdand the advantage of both type of authentification but is
it
allowed or possible to set the Authentication mode to Windows and then
handle
a login form for defined users in Credential section like as follow :
<authentication mode="Windows" >
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="Jessee" password="JuneBug"/>
<user name="Linda" password="Liste"/>
<user name="Cal" password="Cal"/>
</credentials>
</forms>
</authentication>
This could happen for instance that if the client browser windows current
user is not corresponding to the Server autorized user on which the web
pages
are installed, at that time a login window will occurs for user name and
password
but I still want to handle a login page.
Does that is possible ?
regards
serge
