Passing form credentials to windows security

Ok, to explain my scenario, here is my goal.

I have an intranet site that is available internally as well as externally. Currently it is just html files on the intranet (that change may come later which will make it easy to secure via an application, unfortunately right now that is not an option).

What I would like to do is essentially mix windows and forms based authentication, however the articles I have found won't exactly accomplish what I need since I do not have my intranet as an application.

I have anonymous turned off and integrated authentication turned on so that anyone internally does not get prompted for a username and password, the external side first hits my redirection to ssl page (which is set to allow anonymous access) and then the user gets prompted for a username and password via the standard windows popup since I have windows NTFS permissions set on the entire directory.

What I want to do is if a user is not authenticated via integrated, I want to present them with a pretty form to log into instead of the windows pop up box, and then authenticate them against Active Directory and then pass the authenticated credentials to IIS as if they were logged into the computer with those credentials, exactly as Microsoft has done with Exchange webmail.

Is this possible? Any steps in the right direction would be appreciated. I have the form written and it is authenticating via Active Directory and then doing the redirect to the home page via ssl, the only problem I have to work the details on is passing those credentials to windows security so they are not prompted for the user name again via the windows pop up box. It looks as though the OWA logon passes those credentials to a .dll file that is handling this.

Thanks in advance for any tips helping me out on this one.
Please let me know if any of this is unclear.

Doug

CustomAuth from IIS Platform SDK shows how to pass form credentials.
http://blogs.msdn.com/david.wang/archive/2006/01/24/HOWTO_Install_and_Use_CustomAuth_on_IIS_6.aspx

However, the custom scheme you describe (try Windows first and if it fails, try forms) cannot be configured. Lots of people want that behavior, but sorry, the standardized browsers and the authentication protocols just don't work that way.

You can configure two websites, one Intranet that is Windows only, the other Extranet that is Forms auth only.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

David,
That's awesome and exactly what I am looking for. Thanks. My next question: are there any sample custom login forms available? I am familiar with posting forms, however does the form post back to the dll? I assume that the inherent login form is compiled into the dll file, however I'm ok with creating just an html file or asp file and was wondering if you knew of some samples out there?

Thanks again!

Doug

I am also having trouble getting customauth to redirect to a specified logon page. Are there any tricks to this? My page is named logon.htm and I have specified the full url in the ini:

LogonURL=https://www.mydomain.com/logon.htm

Thanks in advance

Doug