Niclas Lindblom #1
get WindowsIdentity with forms authentication
Hi,
I am trying to figure out a way to authenticate against Active Directory and
retrieve a System.Security.Principal.WindowsIdentity object, without having to
see the awful grey Basic Authentication logon box. I have found
documentation that you can send an authentication request programmatically by
using the System.Net.AuthenticationManager.Authenticate method, but I can
not get this to work and have not found any samples.
Does anyone know a way to authenticate against AD and have your browser
session retrieve an identity using forms?
regards
Niclas
Niclas Lindblom Guest
-
Joe Kaplan (MVP - ADSI) #2
Re: get WindowsIdentity with forms authentication
If you want an actual WindowsIdentity object, you must have a logon token
for the user, which means that you will need to call LogonUser with the
user's credentials.
If you would be okay with a GenericIdentity/GenericPrincipal, then you can
create one by authenticating to AD and building those objects yourself.
There is a sample on how to do this with System.DirectoryServices and Forms
authentication in the MS KB:
http://support.microsoft.com/default.aspx?scid=kb;en-us;326340
That article has some flaws in it, but it is an okay starting point. Note
that the recommended way of doing authentication is by using SSPI instead of
System.DirectoryServices with an LDAP bind, but I don't have a good managed
code wrapper example of SSPI. Maybe someone else does?
The disadvantage with the GenericIdentity is that you can't impersonate with
it, but it can be used to drive the security model in your application using
the standard IPrincipal interface.
HTH,
Joe K.
Joe Kaplan (MVP - ADSI) Guest
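The GenericIdentity/GenericPrincipal route from post #2, as an added example that is not part of the thread or of the KB article. It uses the LDAP bind approach mentioned in the post (not SSPI), reads the user's groups, and carries them in the forms ticket so the principal can be rebuilt on each request. The module name, the function names and the LdapPath value are assumptions.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Text
Imports System.Web
Imports System.Web.Security
Imports Microsoft.VisualBasic

' Added example; AdFormsAuth and all member names are hypothetical.
Public Module AdFormsAuth
    ' Assumption: replace with the LDAP path of your own domain.
    Private Const LdapPath As String = "LDAP://DC=example,DC=com"

    ' RFC 4515 escaping, so a submitted user name cannot change the search filter.
    Private Function EscapeFilter(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns the user's direct group DNs, or Nothing if the bind is rejected.
    Public Function Authenticate(ByVal domain As String, ByVal userName As String,
                                 ByVal password As String) As String()
        ' Reject empty input up front: an empty password can turn an LDAP bind
        ' into an unauthenticated bind that the server accepts.
        If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(password) Then
            Return Nothing
        End If
        Try
            Using root As New DirectoryEntry(LdapPath, domain & "\" & userName,
                                             password, AuthenticationTypes.Secure)
                Using searcher As New DirectorySearcher(root)
                    searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" &
                                      EscapeFilter(userName) & "))"
                    searcher.PropertiesToLoad.Add("memberOf")
                    ' FindOne is the first call that talks to AD, so a bad
                    ' password surfaces here as a COMException.
                    Dim hit As SearchResult = searcher.FindOne()
                    If hit Is Nothing Then Return Nothing
                    Dim groups As New List(Of String)()
                    For Each dn As Object In hit.Properties("memberOf")
                        groups.Add(dn.ToString())
                    Next
                    Return groups.ToArray()
                End Using
            End Using
        Catch ex As COMException ' includes DirectoryServicesCOMException
            Return Nothing
        End Try
    End Function

    ' Call after Authenticate succeeds: stores the roles in an encrypted forms ticket.
    Public Sub IssueTicket(ByVal response As HttpResponse, ByVal userName As String,
                           ByVal roles As String())
        ' Keep the role list short: the whole ticket must fit in one cookie (about 4 KB).
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(30), False, String.Join(vbLf, roles))
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName,
                                     FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True
        cookie.Secure = FormsAuthentication.RequireSSL
        cookie.Path = FormsAuthentication.FormsCookiePath
        response.Cookies.Add(cookie)
    End Sub

    ' Call from Application_AuthenticateRequest in Global.asax on every request.
    Public Sub RestorePrincipal(ByVal context As HttpContext)
        Dim cookie As HttpCookie = context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then Return
        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception ' tampered or undecryptable cookie: stay anonymous
            Return
        End Try
        If ticket Is Nothing OrElse ticket.Expired Then Return
        ' Role names are the full group DNs read at logon.
        Dim roles As String() = ticket.UserData.Split(New Char() {ControlChars.Lf},
                                                      StringSplitOptions.RemoveEmptyEntries)
        context.User = New GenericPrincipal(New GenericIdentity(ticket.Name, "Forms"), roles)
    End Sub
End Module
```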
-
MS Newsgroups #3
Re: get WindowsIdentity with forms authentication
Is there no way I can do this and get the same functionality as using Basic
authentication with the grey box (not sure how this works), since this seems
to create a session identity automatically?
Thanks for your help
Niclas
MS Newsgroups Guest
-
Joe Kaplan (MVP - ADSI) #4
Re: get WindowsIdentity with forms authentication
It sounds like you want a WindowsIdentity/logon token for the user, so you
will need to use an API that calls LogonUser. The easy way to do this would
be to build a Forms Auth. system that uses the new constructor on
WindowsIdentity in Framework 1.1 that takes a username and password. Note
that the documentation says that you must be running Win2K3 for this call to
work.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassctorTopic5.asp?frame=true
The other option is to P/Invoke LogonUser directly. You need very high
privileges to call this function under Windows 2000 though, so the viability
of this solution may depend on your platform and security needs.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityPrincipalWindowsImpersonationContextClassTopic.asp?frame=true
Either of these (which do essentially the same thing under the hood) will
give you the same functionality as Basic authentication (a primary logon
token).
HTH,
Joe K.
Joe Kaplan (MVP - ADSI) Guest
-
Niclas Lindblom #5
Re: get WindowsIdentity with forms authentication
Thanks Joe, I have actually looked at this option. What I haven't figured
out yet is how to associate the current user's session with the new
WindowsIdentity object I have created. I have a feeling that I need to use
impersonation, but haven't had time to test this yet.
Am I on the right track, or do you know how to get this working?
Thanks for helping out
Niclas
Niclas Lindblom Guest
-
Joe Kaplan (MVP - ADSI) #6
Re: get WindowsIdentity with forms authentication
The normal thing to do would be to create the WindowsIdentity, then to create
a new WindowsPrincipal from that and set the User property on the
HttpContext equal to that. Then the WindowsPrincipal for the current user
will be associated with that request and all of the normal ASP.NET
role-based security will flow from there.
Someone else may need to provide you with more details if that isn't enough
info as I am not a super expert in Forms authentication.
Joe K.
Joe Kaplan (MVP - ADSI) Guest
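The route from posts #4 and #6 in one place, as an added example that is not code from the thread: P/Invoke LogonUser, wrap the token in a WindowsIdentity, close the raw handle, and assign a WindowsPrincipal to HttpContext.User. The module and function names and the choice of LOGON32_LOGON_NETWORK are assumptions.

```vbnet
Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Web

' Added example; WindowsLogon, TryLogon and SignIn are hypothetical names.
Public Module WindowsLogon
    ' Assumption: a network logon is enough for role checks in the application.
    Private Const LOGON32_LOGON_NETWORK As Integer = 3
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)>
    Private Function LogonUser(ByVal userName As String, ByVal domain As String,
                               ByVal password As String, ByVal logonType As Integer,
                               ByVal logonProvider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)>
    Private Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Returns Nothing when Windows rejects the credentials; win32Error then holds
    ' the error code, which is safe to log (never log the password).
    Public Function TryLogon(ByVal domain As String, ByVal userName As String,
                             ByVal password As String,
                             ByRef win32Error As Integer) As WindowsPrincipal
        Dim token As IntPtr = IntPtr.Zero
        win32Error = 0
        If Not LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK,
                         LOGON32_PROVIDER_DEFAULT, token) Then
            win32Error = Marshal.GetLastWin32Error()
            Return Nothing
        End If
        Try
            ' WindowsIdentity duplicates the token, so the raw handle is closed
            ' in the Finally block instead of leaking one handle per logon.
            Return New WindowsPrincipal(New WindowsIdentity(token))
        Finally
            CloseHandle(token)
        End Try
    End Function

    ' Call from the login form's submit handler. The assignment applies to the
    ' current request only; it has to be repeated on later requests.
    Public Function SignIn(ByVal context As HttpContext, ByVal domain As String,
                           ByVal userName As String, ByVal password As String) As Boolean
        Dim errorCode As Integer
        Dim principal As WindowsPrincipal = TryLogon(domain, userName, password, errorCode)
        If principal Is Nothing Then
            context.Trace.Warn("logon", "LogonUser failed, Win32 error " & errorCode.ToString())
            Return False
        End If
        context.User = principal
        Return True
    End Function
End Module
```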
-
Alan Mendelevich #7
Re: get WindowsIdentity with forms authentication
Hi,
I've come to the same solution on my own, but when I assign WindowsPrincipal
to the User property of HttpContext it gets assigned for the current
request but for the next request it's gone. User.Identity.Name becomes
"Anonymous" again and IsAuthenticated is false. What should I do for this
assignment to persist across requests?
Best regards,
Alan Mendelevich.
Alan Mendelevich Guest
-
MS Newsgroups #8
Re: get WindowsIdentity with forms authentication
This is how I did it:
Log on using an API call to get a token, create a new WindowsIdentity object and
create a new WindowsPrincipal.
Add the principal to the session with:
    Session.Add("AuthID", CType(myNewPrincipal, Object))
Change userID for this call with:
    Context.User = CType(Session.Item("AuthID"), WindowsPrincipal)
Then I use Global.asax to change the identity for every request:
    ' Reapply the stored principal; the session key must match the one used in Session.Add
    Private Sub Global_PreRequestHandlerExecute(ByVal sender As Object, _
            ByVal e As System.EventArgs) Handles MyBase.PreRequestHandlerExecute
        If Not Session.Item("AuthID") Is Nothing Then
            Context.User = CType(Session.Item("AuthID"), WindowsPrincipal)
        End If
    End Sub
What I have also done, but not included here, is that I save the anonymous
principal to the session before switching, so I can switch back if I would
like the user to be able to perform a log off and continue as anonymous.
Any questions,
Let me know
Niclas Lindblom
MS Newsgroups Guest