Thanks for the responses guys.
I think we've got two choices.. tell them no. or create a windows app
that will encrypt the current user and send it as a querystring to the
remote url.. ho hum..
Cheers
-Adrian
"Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
news:HR**************@TK2MSFTNGXA01.phx.gbl...
| Hi Adrian,
|
| I think Rob's analysis here is reasonable. As for IE, it will always send
| an anonymous request to the remote web site first, then depend on whether
| the webserver enable anonymous access or not, the following occurs:
|
| **If allow anonymous, the first request can pass and be processed
| successfully, there is no authentication info in the request/response
|
| **If not allow anonymous, first request is rejected by 401 error, and the
| IE will try sending a credential to server, here depend on whether the
| credential is authenticatable on server, it will result the below
behavior:
|
| << If the credential can be authenticatable( duplicated local account on
| both client and server or a domain user account in shared domain or
trusted
| domain), the second request get processed.
|
| <<If the credential not authenticatable, request fail.....
|
| and as for those Server Variable (related to authentication info ), it
will
| contains the client user's value only if the request has passed the
| authentication. Therefore, in your case, since the client machine can not
| provide a valid account that is authenticatable on server, we really have
| no luck here.
|
| BTW, is the reason you don't want user to input username/password
| credentials here specific to security consideration? If so, do you think
it
| is possible to use https/ssl security channel for authentication here?
| This is the most common approach for passing clear/text credential over
| internet. And on the server-side, the application and authenticate the
| credentials against AD through ActiveDirectory membership provider... If
| you think this doable for your scenario, we can provide some detailed
| reference on this.
|
| Please feel free to let me know if you have any other ideas or concerns
| here.
|
| Sincerely,
|
| Steven Cheng
|
| Microsoft MSDN Online Support Lead
|
|
|
| ==================================================
|
| Get notification to my posts through email? Please refer to
|
http://msdn.microsoft.com/subscripti...ult.aspx#notif
| ications.
|
|
|
| Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
| where an initial response from the community or a Microsoft Support
| Engineer within 1 business day is acceptable. Please note that each follow
| up response may take approximately 2 business days as the support
| professional working with you may need further investigation to reach the
| most efficient resolution. The offering is not appropriate for situations
| that require urgent, real-time or phone-based interactions or complex
| project analysis and dump analysis issues. Issues of this nature are best
| handled working with a dedicated Microsoft Support Engineer by contacting
| Microsoft Customer Support Services (CSS) at
|
http://msdn.microsoft.com/subscripti...t/default.aspx.
|
| ==================================================
|
|
|
| This posting is provided "AS IS" with no warranties, and confers no
rights.
|
