Obtain RemoteUser if available

[SemperFiDownUnda]

Maybe I'm just trying to do the impossible.
The situation is the following.
Our intranet needs to allow anonymous users. We have functionality that I want to obtain the remote user (Active Directory User) if they are logged into the Active Directory but if not still allow them to see the basic page.

Is there any way to do this? I would even settle for a way to have a specific 401 page for a given page. This would let me have 1 page with security on it and if that fails fall back to the page that allows anonymous access.

Things like MSWC.PermissionChecker don't do me any good because they require anonymous access to be turned off.

Surely I'm not the only one that would have liked the order of precedence for authentication to be in a different order.

Thanks in advance


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[Sheco]

I don't know if this helps but I've noticed that once Internet Explorer hits one page with anonymous turned off then it will keep sending the user credientials on subsequent requests, even when those later pages have anonymous turned on.

 

[SemperFiDownUnda]

Yes, once credentials are passed through they stick for the entire session.
One thing I thought of doing is hiding a frame to an page that required authentication. The resulting 401 would be passed back if they didn't otherwise their session would be authenticated. This is a bit messy tho and I was looking for a cleaner solution.

Thanks for the tip tho.


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[damber]

You could always play around with the headers and request the authentication upon the first access (e.g. session start). You would need to test out the process of events, and what you want the users to see (e.g. you may not want them to see the login dialog if they do not automatically authenticate with OS credentials)

In this thread (thread333-1157579) I wrote a quick example that forced the user to login for each page hit (the original poster required it for a check-in system) - it's not the same as your requirement, but you should be able to see how the process works - and use the code to start testing from. You might want to start by removing the status response text and modifying the authentication method from NTLM to maybe NTCR.

If you're not bothered about users being shown the dialog then just copy and post the prevelant lines from the above example.

If I get time, and you've not cracked it, I'll do a quick test on it later.

A smile is worth a thousand kind words. So smile, it's easy!

 

[Sheco]

I would even settle for a way to have a specific 401 page for a given page.

You can do that using the IIS Admin tool.

 

[SemperFiDownUnda]

Thanks damber I'll take a look now.
Wayne Francis

Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[SemperFiDownUnda]

I've played around with the code a bit and I can't get it to do what I want. When a actual anonymous users log in it requests the challenge response but since they are not logged in it prompts them with a login dialog where I would just rather it fail.

Anyone know how to stop the dialog?


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first