IIS Security
-
I'm sorry if this is the wrong forum but since it is related to ASP.Net here goes... I have a web application that currently uses forms authentication and works fine. However I would like to change the authentication to Windows and Forms so the users won't have another id/pwd combo to forget. The application is set for Forms authentication and in the webconfig I have the login page set to a page that is the only page in the site that also has Windows Authentication running on it. I would like to snag the username and attempt to log them in. If I can't authenticate them, then I redirect them to a standard login form with the the user entering in an id/pwd combo. Of course it works great on my machine while developing, but in my test and production servers the user gets a NT Challenge to log into. If they click cancel, they get redirected to the login page because no credentials were supplied. If they put in their Windows credentials correctly they are logged in. How can I avoid the NT Challenge and still get the username of the person logged into Windows? This shouldn't be that hard but I can't figure it out. Thanks in advance, Al
-
I'm sorry if this is the wrong forum but since it is related to ASP.Net here goes... I have a web application that currently uses forms authentication and works fine. However I would like to change the authentication to Windows and Forms so the users won't have another id/pwd combo to forget. The application is set for Forms authentication and in the webconfig I have the login page set to a page that is the only page in the site that also has Windows Authentication running on it. I would like to snag the username and attempt to log them in. If I can't authenticate them, then I redirect them to a standard login form with the the user entering in an id/pwd combo. Of course it works great on my machine while developing, but in my test and production servers the user gets a NT Challenge to log into. If they click cancel, they get redirected to the login page because no credentials were supplied. If they put in their Windows credentials correctly they are logged in. How can I avoid the NT Challenge and still get the username of the person logged into Windows? This shouldn't be that hard but I can't figure it out. Thanks in advance, Al
Hey Al, BTW great name. Why don't you use the same credentials from Froms to Windows and you do the double authentication yourself?. If you want I can send you some code that works great, just need to dig around my hard disk. Al
-
Hey Al, BTW great name. Why don't you use the same credentials from Froms to Windows and you do the double authentication yourself?. If you want I can send you some code that works great, just need to dig around my hard disk. Al
I would like to use the same credentials but can't get them without the user having to provide their user credentials to the webserver. There is an article on MSDN that I am trying apply. http://msdn.microsoft.com/library/?url=/library/en-us/dnaspp/html/mixedsecurity.asp If you wouldn't mind sending me your code, I'll be more than happy to look at it and try and use it, thanks in advance. And your are right Al is great name, got numerous Alfred's and Alberts in my family Al