3

I need help on authenticating users based on their location. The problem is this: If the users come to the web site out of domain then the user must fill a login page and the credentials he provided must be authenticated from a custom credential store. If the user is an Active Directory user, he must be directed to the resource he wants without asking for credentials.

If I enable both Anonymous Auth and Windows Auth for the web server, Anonymous Auth comes first, and even if the user is an Active Directory user I can't access his domain information.

Can anyone help?

Élodie Petit

2 Answers

1

One way I know is to set a single page, like AdLogin.aspx, to deny anonymous users and have that page log them into the Forms Authentication module. You then have to create a custom 401 error page that redirects to your Forms login page from your AdLogin. The one thing I don't like is that AD users try to log in through the Forms login page all of the time, and it's hard to bookmark the AdLogin page because it just does an automatic redirect. I also don't like that it's so dependent on a custom IIS configuration.

See my answer here for details: ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication

Greg
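A sketch of the AdLogin.aspx code-behind that the answer above describes, added here as an example and not code from the answer or its linked post. The per-file IIS settings and the Forms configuration listed in the comments are assumptions about the setup.

```csharp
using System;
using System.Web.Security;

// Code-behind for AdLogin.aspx (added example, not the answerer's code).
// Assumed setup:
//   - web.config uses <authentication mode="Forms">
//   - in IIS, Anonymous is disabled and Windows Authentication is enabled
//     for this one file only; every other page allows Anonymous
//   - the custom 401 error page for this file redirects to the Forms login
//     page, so users outside the domain land on the normal login form
public partial class AdLogin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Filled in by IIS after a successful Windows handshake, in
        // DOMAIN\user form. It is empty when the request was anonymous,
        // which means the per-file IIS setting is not in effect.
        string logonUser = Request.ServerVariables["LOGON_USER"];

        if (string.IsNullOrEmpty(logonUser))
        {
            // Fail closed: never issue a ticket without a Windows identity.
            Response.Redirect(FormsAuthentication.LoginUrl, true);
            return;
        }

        // Issue a non-persistent Forms ticket for the domain account and
        // send the user on to ReturnUrl (or the default page). From here on
        // the rest of the site sees an ordinary Forms-authenticated user.
        // The custom credential store should reject user names containing
        // a backslash, so that a Forms login can never be issued a ticket
        // that looks like a DOMAIN\user account.
        FormsAuthentication.RedirectFromLoginPage(logonUser, false);
    }
}
```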
0

How about publishing the website with 2 different Webapplications?

You could configure the internal one to use Windows Auth, and the external one to use Anonymous. If the user requests a site that requires auth, you allow them to authenticate.

You can also post a "Login" link on your (external) webpage that will allow the user to manually log in on the external site. But if you allow a page to use anonymous, then you have to consider that you won't know who the user currently is.

Heiko Hatzfeld
  • That's one of the alternatives but requires publishing to 2 different sites which is only possible if an easier way is not possible. – Élodie Petit Nov 24 '10 at 09:56
  • Well, since you allow Anonymous, IIS will not require a user to authenticate. So you won't have access to the username. If you try tricks to get a user to authenticate, then you will annoy users who have no account, since you pop up a request for their credentials. Edit: If you access the site by its NetBIOS name, you could do some JavaScript to redirect the user to a page that will require authentication if he is not using an FQDN to access the site... – Heiko Hatzfeld Nov 24 '10 at 15:31