Windows Authentication/AD Integration

Status
Not open for further replies.

checkai

Programmer
Jan 17, 2003
A few questions...

We have some web forms that we'd like to start using Windows Authentication/AD Integration... Is there really a difference between these two terms?

Also, is there a unique ID given to each AD user that is retrievable other than the name they're logged in as?

Finally, we had turned Windows Authentication on for one app, and some users were asked to log in to the domain... even though they were already logged in on their computer...??

"...we both know I'm training to become a cagefighter...see what happens if you try 'n hit me..."
 
I'm no expert, but here's what I know:

They're a bit different in that AD auth requires the directory services namespace, and you have to do the authentication through LDAP to the AD. You can also create a GenericPrincipal token for requests. With Windows Auth, you just authenticate with the local user account that's logged in.

Abstract difference: Integrated is basically just IIS doing NTLM (or Kerberos if you set it up), and IIS will send back headers that will initiate a negotiation for authentication if the user's computer is willing to supply credentials. AD, on the other hand, just authenticates a passed username/pass against a branch in AD.

Functional differences: you need LDAP for AD, and you can authenticate using a different login than the current windows user. It uses a similar system of cookies to Forms Authentication, I believe. Also, Windows Auth isn't as useable off a trusted network, because you can't be guaranteed that computers will supply credentials.

As for a unique ID, I haven't come across what you're looking for, but you could generate one I suppose and perhaps add it to the Principal object for that user?

And as for needing to log in... that's weird. I do know you can tell your browser not to supply Windows auth info (Internet Options > Advanced > Security in IE), maybe that would be the case? You'd have to log in if the browser refused NTLM negotiation.
 
Thanks for the info... I couldn't find where to do this, however...

Quote: "I do know you can tell your browser not to supply windows auth info (Internet Options > Advanced > Security in IE), maybe that would be the case? You'd have to log in if the browser refused NTLM negotiation."
 
In IE menus: Tools > Internet Options

Go to the Advanced tab, and scroll down in the list to the Security section at the bottom - it's the "Enable Integrated Windows Authentication" checkbox - 8th from the bottom on mine.
 
Thanks...