473,883 Members | 1,718 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

pass credentials to site with Windows Authentication

3 New Member
I know there have been some similar posts, but I cannot determine if this is truly impossible, or just difficult.

We have a site that uses Windows Integrated Authentication, and so it pops up the windows dialog to get credentials before allowing access to the site. there is no Anonymous access on this site.

Is there any way to create a logon page on another site, and then after capturing and verifying the credentials (i'm able to do this with API calls to advapi32.dll), pass these credentials to IIS so that the user is not prompted again.

I know that once I'm prompted, as long as I don't kill the IEXPLORE.exe session, I can start new windows without being prompted (ie. with links that have target="_blank" ), but once I close the initial browser, I'm prompted again.

Can I cache the credentials somehow, or can I open a new windows using a RunAs? I cannot believe this isn't possible.

The problem is that I cannot use Forms authentication becuase the web application is purchased and I don't have access all the code. The application is Altiris Helpdesk, if that helps anyone.

Thanks for any help someone can provide.

Craig
Nov 11 '08 #1
5 16377
kenobewan
4,871 Recognized Expert Specialist
Sounds like you are trying to achieve single sign on. This is usually taken as a moot point with NT Authority (windows). So here is an article that may help:
ASP.NET 2.0: Implementing Single Sign On (SSO) with Membership API
Nov 12 '08 #2
CraigWU
3 New Member
This seems to discuss asolution, but I'm not sure it will work in our situation.

As I said, we are using Windows Integrated Authentication, but our problem arises by the fact that we log into the website application with different AD credentials than we use for our desktop logon. Therefore, we are prompted for our credentials each time.

The other problem is that we don't have access to the part of the application that controls security. This is a purchased application and we can only modify certain aspects of it. I believe the security code is embedded in DLLs that I cannot change.

Therefore, the only way I can think to get around this is to do with a page what the Windows popup is doing - i.e. prompt for, validate and cache credentials. I'm able to validate the credentials using the API I mentioned before, so I just need to know how to 1) cache them for the session, or 2) pass them to the application (or IIS).

The only reasons for wanting to do this are to 1) avoid the user having to type DOMAIN\USERID in a popup (when most people don't know their domain), as well as 2) brand the logon page a little more.

I guess I'm looking for ways to pass this information during a redirect so that its not prompted in a Windows Authenticated environment.
Nov 12 '08 #3
Frinavale
9,735 Recognized Expert Moderator Expert
Usually Windows Authentication is used for Intranet applications.

In this case you should consider looking at reconfiguring your network so that only one AD is used instead of 2.

-Frinny
Dec 4 '08 #4
CraigWU
3 New Member
The problem is that we are migrating to a Single Sign On environment, and creating a new AD to support it. Users across the campus are on different ADs, but will eventually be using the one.

In the interim, I need to solve the problem where a user is logged into a machine on one AD, but the application uses credentials in another AD.
Dec 5 '08 #5
Frinavale
9,735 Recognized Expert Moderator Expert
I think you're going to have to look into impersonating the user.
Check out this article on How to use windows authentication for more details.

There are a bunch of articles there on how to implement authentication/authorization.

-Frinny
Dec 5 '08 #6

Sign in to post your reply or Sign up for a free account.

Similar topics

8
3714
by: Bob Everland | last post by:
I have an application that is ISAPI and the only way to secure it is through NT permissions. I need to have a way to login to windows authentication so that when I get to the ISAPI application no boxes come up. I want an ASP page to sit between the user and the ISAPI application. The rest of my application is using authentication that is database driven and wouldn't want the users to know the userid and password. Is this possible? If so...
3
6127
by: Patrick.O.Ige | last post by:
Hi folks, How can i pass credentials to windows integrated authentication. I want to use my credentials from windows authentication and pass it on to different asp.net and asp pages without having to login again. Any help?
10
13906
by: Will Gillen | last post by:
I have an ASP.NET application that is using Windows Integrated Authentication (IIS) (as opposed to Forms Authentication). When the user first logs into the application, IIS prompts the user for their credentials. Once they are "authenticated", their credentials remain active while their web browser is open. Now, I want the "authentication" to "timeout" in 3 minutes. This way if they browse to another page after 3 minutes, they are...
6
7568
by: Kevin Yu | last post by:
is it possible to for user to click a logout button to logout and when the user want to get into the system again, the user have to login again? Kevin
1
2803
by: sefe dery | last post by:
Hi ng, i have an Asp.net webapplication on a remote Windows Server 2003. I created on the remote server a windows account and i use the "only windows authentification" in sql server 2000. The name and passwort for the windows account are the same like the credentials in asp.net.
4
7965
by: John Smith | last post by:
Hey folks, I'm trying to communicate with our Exchange server using WebDav to get the User's personal contacts folder. Works fine if I hardcode their username and password (obviously not an acceptable solution), but when I use Integrated Authentication I get "(401) Unauthorized". I've got <identity impersonate="true" /> and I've got <authentication mode="Windows" />, and I've set up IIS to use Windows Authentication. I know this...
3
3044
by: tshad | last post by:
I have my windows authentication on our intranet set up as: <authentication mode="Windows"/> This works for 15 machines at work fine. Doesn't ask you to logon. It uses the logon credentials the user used to logon originally There are 4 machines that it asks for logon credentials (even though they have already logged on). Obviously, the credentials are valid or they wouldn't be able to log on to their local machines.
3
13813
by: =?Utf-8?B?RGFuZGFuIFpoYW5n?= | last post by:
Now I have a web application, a web service and a SQL Server database. The Web application will invoke the web service, the web service invokes the SQL Server stored procedure. I let the web service run in an application pool which runs under a domain user, this domain user has permissions of accessing database and the connection to database is trusted connection. All these work well. The web application will be used in internet (not...
0
1926
by: =?Utf-8?B?UmljayBF?= | last post by:
I have an IIS 6 server on Windows 2003 running in an AD domain attempting to enumerate the files on another Windows 2003 server on the same domain. The code and UNC path are sound as it works if I set anonymous access and enter domain credentials in the page properties but if I check "Integrated Windows Authentication" it gives a "Path not found" 800a004c error in the browser. The IIS logs report a 500 0 0 status but it does show that it...
8
5422
by: jonmundsack | last post by:
I have an intranet site on my LAN which has "anonymous access" turned OFF, and "integrated Windows authentication" turned on. This allows me to access the "AUTH_USER" server variable, which I use to look up application rights in SQL Server. With IE6 clients, this has worked flawlessly for several years. Our users are currently running IE6, but my parent agency has announced an upgrade to IE7 beginning next month, so I have installed...
0
11137
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10736
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10840
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10409
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9570
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7969
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5795
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
4608
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
3230
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.