
How to implement Windows and Fallback Forms authentication

Status
Not open for further replies.

cvmandach

IS-IT--Management
Nov 1, 2002
8
CH
Hi,

I would like to implement a web application in the following way:
1. If the user comes from within the domain (intranet), he shall be authenticated by windows.
2. If the user comes from the internet (anonymous), he shall be authenticated by forms (username and password will be taken from a database table).

It seems not possible to use both windows and forms authentication in the root web.config file of an application. I am thinking of creating two identical applications, only different in the authentication mode (one with windows, the other with forms). But this is not really elegant... Does anybody have a clue? Any help is appreciated!

Thanks,
Conrad
 
I have done something similar to this with an intranet app - if coming in from within the intranet the current windows logon account is used transparently, but when coming in from the internet the user is prompted for their windows account username/password. This only uses Windows authentication. So you want to authenticate against two different data-stores - 1, the active directory in the case of intranet - 2, a database that you maintain. This seems like it might get troublesome, because you have to maintain the account info in two places and the user has to memorize two different passwords. Why not just use the AD credentials exclusively?

Now, there is a way that you can use Forms authentication against Active Directory, but really the only advantage I see is that you can customize the way the log-in screen looks instead of always seeing the browser-generated pop-up un/pw box. Is that what you are after? I might have some links around if you need that.

HTH
 
Hi dragonwell,

Thanks for your reply. I know, my problem sounds kind of complicated, and in your considerations you're absolutely right. The basic problem is that I do not want to transmit windows passwords with basic or digest authentication over the internet for security considerations, while in the intranet the windows authentication will be the most comfortable (SSL is not an option for performance reasons). This brought me to the database user table, because a hack of this particular application (password) would not be that tragic. Users will have to remember two (hopefully different) passwords, indeed.
 
If I'm not mistaken, when you use Integrated Windows Authentication, the username and password are NOT ever transmitted across the network, even when the user is being authenticated from the WAN. The process is called "challenge-response". So that might solve part of your puzzle. BUT the user needs to be using Internet Explorer for this...
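
The challenge-response idea mentioned in the last reply, as an added example that is not part of the original thread: the server issues a fresh random challenge, the client answers with a keyed hash of it, and the password itself never appears in the exchanged bytes. This is a simplified HMAC-SHA256 scheme written for illustration, not the actual NTLM or Kerberos message formats; the account, salt, and all class and function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; not taken from the thread.
USER = "conrad"
PASSWORD = "correct horse battery staple"


def derive_key(password: str) -> bytes:
    """Secret both sides hold; the server stores this instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)


class Server:
    def __init__(self, accounts):
        self.accounts = accounts  # username -> derived key
        self.pending = {}         # username -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh random value per attempt
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # each challenge is single use
        key = self.accounts.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(password: str, nonce: bytes) -> bytes:
    """Client proves knowledge of the password by keying a hash of the challenge."""
    return hmac.new(derive_key(password), nonce, hashlib.sha256).digest()


def run_exchange(server: Server, user: str, password: str):
    """Run one login and return (authenticated, all bytes seen on the wire)."""
    wire = [user.encode()]
    nonce = server.challenge(user)
    wire.append(nonce)
    response = client_response(password, nonce)
    wire.append(response)
    return server.verify(user, response), b"".join(wire)
```

Because every login gets a new challenge, a response recorded from one exchange is rejected when presented again.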
 