Custom Authentication

  • Thread starter Thread starter Smithers
  • Start date Start date
S

Smithers

I have implemented custom Forms authentication for secured sites on the
Internet, and I have secured sites with Windows authentication on private
intranet sites. So I'm familiar with the basics. But I now have a scenario
in which I'm not clear on how I might implement authentication where I would
like features of both Forms authentication and Windows authentication. Here
is what I would like to accomplish:

This app will be a .NET 3.5 ASP.NET Web application running on a private
corporate intranet that is running Active Directory. It is a simplistic
application with one "main page" - default.aspx - that can be viewed without
the user being required to be authenticated. If unauthenticated, then the
user should see limited information. If the user wants to see protected
information, the user would need to log in. default.aspx would have a "login
here" link - when clicked the user is prompted for their Windows login ID
and password. Those credentials would be checked against the user's Active
Directory account (i.e.. the app would not maintain it's own credential
store). Upon successful authentication, the user would be redirected back to
default.aspx - but this time the user would be presented with
additonal/protected information.

My question is how to make this happen most efficiently. If I were to set up
Forms Authentication in Web.config, then AFAIK I would have to separate
protected from non protected *pages* into different folders. If that's the
case, then I wouldn't want to use Forms Authentication, as I don't have
separate pages to be secured. I need/want one page - default.aspx - that
shows/hides protected information depending on the authentication status of
the current user. I also would not want to set up Windows Authentication in
IIS because users would be prompted to log in just to see default.aspx. But
I don't want that. I want to allow unauthenticated visitors to see
default.aspx (with limited content).

Suggestions?

Thanks.
 
My question is how to make this happen most efficiently. If I were to
set up Forms Authentication in Web.config, then AFAIK I would have to
separate protected from non protected *pages* into different folders.
If that's the case, then I wouldn't want to use Forms Authentication,
as I don't have separate pages to be secured. I need/want one page -
default.aspx - that shows/hides protected information depending on the
authentication status of the current user. I also would not want to
set up Windows Authentication in IIS because users would be prompted
to log in just to see default.aspx. But I don't want that. I want to
allow unauthenticated visitors to see default.aspx (with limited
content).

You can set up regions that can only be viewed when authenticated, so that
is not an issue. For quick, down and dirty, ASP.NET 1 - 3.5:
http://www.xoc.net/works/tips/forms-authentication.asp

For 2.0 or later, you can use a LoginView and specify user(s) and or role
(s) that can see the content.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 
Back
Top