473,326 Members | 2,255 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

single web app for both external users and domain users

Ive been asked to allow internal (domain authenticated) users to get in to
my asp.net web application, while everyone else should use the login form.
One way ive seen others doing this, is to configure the application in IIS
to use windows authentication, uncheck anonymous, so as to have the browser
pass in the User.Identity value.

Then, when when a visotor hits the site, I can check if we have a domain
user with the User.Identity, and automatically log them in using a common
login name that is setup in the database. If the user.Identity is empty,
then force them to login as usual.

Sound reasonable ?
Jun 22 '07 #1
1 1183
its much tricker than this. if you turn off anonymous, no one can access
the site with a successful domain login.

for the browser to send credentials, the server must send a 401 (access
denied). the browser then send some credentials. the server will return
another 401 if invalid, so the user can try again.

if you turn on anonymous, then iis never sends a 401 and the browser
will never send the user credentials.

the easiest solution is if the users ipaddress is internal, send a 401,
if not redirect to forms login.

-- bruce (sqlwork.com)


bitshift wrote:
Ive been asked to allow internal (domain authenticated) users to get in to
my asp.net web application, while everyone else should use the login form.
One way ive seen others doing this, is to configure the application in IIS
to use windows authentication, uncheck anonymous, so as to have the browser
pass in the User.Identity value.

Then, when when a visotor hits the site, I can check if we have a domain
user with the User.Identity, and automatically log them in using a common
login name that is setup in the database. If the user.Identity is empty,
then force them to login as usual.

Sound reasonable ?

Jun 22 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: D Barry | last post by:
Greetings: I am trying to conceive what risks might be created by running multiple SQL servers within a domain under a single domain account, as opposed to 1) running under the local service...
1
by: Tom | last post by:
I am trying to establish an infrastructure whereby I want only one login screen for my .net application users. In my experience, if the user's domain is different than the application domain,...
2
by: Grace | last post by:
Are there any ways it can let users only login once and users can browse different ASP.Net/ASP web applications on different machines? ex: A machine: login web application, a web application B...
1
by: Cowboy \(Gregory A. Beamer\) | last post by:
Quite a few months back, I was able to create a single sign on app for all apps on a single box (perhaps a domain, but never tested) by setting the auth cookie name to an identical value: ...
2
by: Ralph | last post by:
I am setting up an ASP.NET application that will require external users to login. Currently we run both Cold Fusion and ASP.Net. Can someone explain if and how I can create a single sign on for...
1
by: ABC | last post by:
I have a new project which is a web site used by Internal and External users (login required users) and public users (no login required users). On internal users, all users login network using...
3
by: Eddy | last post by:
I would like to export the output of 2 queries to excel namely: 1. QryProrationbyWBS_1 2. QryProrationbyWBS_2 However I want to do this using the same spreadsheet say sheet1 and sheet2 or...
1
by: =?Utf-8?B?VCBSYXkgSHVtcGhyZXk=?= | last post by:
I have an ASP.NET 2.0 web app using forms authentication and an ASP.NET Membership database. Internal users access the app from the intranet, but they are authenticated by the membership module....
3
by: bnashenas1984 | last post by:
Hi everyone I'v made a website which allows users to have their own subdomains Each user can have a blog in a unique subdomain Now I need to let my users register their own domain names and...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.