Hello all,
I am writing an aspx (Visual Basic) logon app for a friend (he needs
to be able to reset expired passwords, so the regular windows logon
won't work). Everything is in the same domain and secure, so that
isn't really going to be a problem.
I created a logon page, that checks user name and password against
active directory:
dso = GetObject("LDAP:")
oUser = dso.OpenDSObject("LDAP://" & LDAPServerPath,
txtUserName.Text, txtPassword.Text, 1)
After the username and password sare verified, I retrieve the groups
the user belongs to, and read an ini file to determine what page the
user should be redirected to based on their group.
No problem up until now, the thing is, the permissions to the pages he
wants to redirect to are set by NTFS. I can't figure out how to use
the logon information supplied by the user to access these pages
without the windows "connect to <server>" screen popping up.
If the user signs on using the pop up, then they can access the page
as long as they don't close the browser. If they do, then they have
to do it all again.
Is there a way to authenticate/authorize the session? He is using
"Basic Authentication" on a 2003 machine (IIS6)
I tried posting this on
microsoft.public.dotnet.framework.aspnet.security
but got no replies.
Thanks for any help, this is all I have left before the project is
finished :)