IIS Mixed Anonymous and Windows Authentication

I need to create an ASP .NET web page (hosted on Windows Server 2008R2 with IIS 7.5) which should be visible by domain users and anonymous users without prompting credential requests for both of them. Domain Users should be authorized to see the entire page, while anonymous users can see the public part of the page.

  • When I enable Windows authentication: domain users can see the entire page, but anonymous users are prompted for credentials.
  • When I enable anonymous authentication or both (anonymous and Windows): anonymous users can see the public part of the page, but domain users do not see the entire page (they are treated like anonymous users).

I use the following string to discriminate anonymous users and domain users:

string WindowsAccountName = HttpContext.Current.Request.LogonUserIdentity.Name; // used to tell domain users from anonymous users

If WindowsAccountName is empty, the user is anonymous; otherwise, it is a domain user. Unfortunately, when anonymous authentication is enabled, WindowsAccountName is always empty (even for domain users), but when anonymous authentication is disabled, non-domain users are prompted for credentials.

Do you have any solution for this problem? Keep in mind that domain users are spread among different networks, so the IP address is not a good way to discriminate domain users from non-domain users.

It looks like a catch-22 to me.

Thanks.

Michele asked Jan 23 '16 12:01


1 Answer

The term for this is Mixed-Mode Authentication. I have done this multiple times.

This can be accomplished by using a Windows-authenticated site that does no more than pull the user's credentials from AD and pass those to the anonymous site. I have done this using a custom ticket (GUID in a database) that expires in 5 seconds. The anonymous site takes the GUID passed, queries the DB and obtains the user id. Another way I have done this is with an encrypted URL parameter that contains the user id and a time-stamp.

Internal Site

Create a Redirect URL Site: Set up this site with Windows Auth so you can pull the User ID from Active Directory. Give your users this URL and/or make it the link they click on your Intranet. Then this site calls your anonymous site and passes the user credentials (login id).

a. This can be done either via an encrypted string on the URL or encrypted value in a cookie. You can encrypt with an expiration date/time value too.

b. (Speaking from Forms Auth) Create a Forms Authentication Ticket with that user ID. Run any other login logic you have. Done.

External Site - No changes required. Let the users log in as-is.

ElimGarak answered Nov 19 '22 16:11
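The hand-off the answer describes, carried through in its "encrypted URL parameter with user id and time-stamp" variant, as an added example that is not code from the original post or the answerer. It assumes both sites run ASP.NET 4.5 or later and share the same <machineKey> element in web.config, so that MachineKey.Protect on the Windows-authenticated site can be undone by MachineKey.Unprotect on the anonymous site. The page names, the host name public.example.test and the in-memory nonce store (standing in for the answer's database) are hypothetical.

```csharp
// Added example, not code from the original post or the answerer: a short-lived,
// single-use hand-off token for the mixed-mode pattern the answer describes.
// Assumptions: both sites run ASP.NET 4.5+ and share the same <machineKey> in
// web.config; page names, host names and the in-memory nonce store are hypothetical.
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

public static class HandoffToken
{
    // Purpose strings bind the ciphertext to this use; a blob protected for any
    // other purpose fails Unprotect.
    private static readonly string[] Purposes = { "MixedModeAuth", "Handoff", "v1" };
    // Same five-second window the answer uses for its database ticket.
    private static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(5);
    // Hypothetical single-use store: each nonce is accepted exactly once.
    private static readonly ConcurrentDictionary<string, DateTime> UsedNonces =
        new ConcurrentDictionary<string, DateTime>();

    // Issued by the Windows-authenticated site. The name comes from IIS, never
    // from user input, so only a completed Windows logon can mint a token.
    public static string Issue(string windowsAccountName)
    {
        if (string.IsNullOrEmpty(windowsAccountName))
            throw new InvalidOperationException("No Windows identity; refusing to issue a hand-off token.");
        string payload = Guid.NewGuid().ToString("N") + "|" + DateTime.UtcNow.Ticks + "|" + windowsAccountName;
        byte[] protectedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(payload), Purposes);
        return HttpServerUtility.UrlTokenEncode(protectedBytes); // URL-safe base64
    }

    // Consumed by the anonymous site. Returns the account name only when the token
    // is authentic (MachineKey MAC verified), fresh and unused; otherwise null.
    public static string Redeem(string token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        byte[] protectedBytes;
        try { protectedBytes = HttpServerUtility.UrlTokenDecode(token); }
        catch (FormatException) { return null; }
        if (protectedBytes == null) return null;

        byte[] plain;
        try { plain = MachineKey.Unprotect(protectedBytes, Purposes); }
        catch (CryptographicException) { return null; } // tampered, or keys differ between the sites
        if (plain == null) return null;

        string[] parts = Encoding.UTF8.GetString(plain).Split(new[] { '|' }, 3);
        long issuedTicks;
        if (parts.Length != 3 || !long.TryParse(parts[1], out issuedTicks)) return null;
        TimeSpan age = DateTime.UtcNow - new DateTime(issuedTicks, DateTimeKind.Utc);
        if (age < TimeSpan.Zero || age > Lifetime) return null;        // expired (or clock skew)
        if (!UsedNonces.TryAdd(parts[0], DateTime.UtcNow)) return null; // replayed
        PruneNonces();
        return parts[2];
    }

    private static void PruneNonces()
    {
        DateTime cutoff = DateTime.UtcNow - Lifetime - Lifetime;
        foreach (var entry in UsedNonces)
        {
            DateTime ignored;
            if (entry.Value < cutoff) UsedNonces.TryRemove(entry.Key, out ignored);
        }
    }
}

// Redirect.aspx on the internal site (Windows auth on, anonymous auth off).
public partial class RedirectPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string token = HandoffToken.Issue(Request.LogonUserIdentity.Name);
        Response.Redirect("https://public.example.test/Landing.aspx?t=" + token, true);
    }
}

// Landing.aspx on the external (anonymous) site: step b of the answer.
public partial class LandingPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string account = HandoffToken.Redeem(Request.QueryString["t"]);
        if (account != null)
            FormsAuthentication.SetAuthCookie(account, false); // session cookie, not persistent
        Response.Redirect("~/Default.aspx", true); // the token is spent either way
    }
}
```

The external site needs `<authentication mode="Forms">` in its web.config; after the redirect, the page code decides what to render by checking `User.Identity.IsAuthenticated` instead of LogonUserIdentity, which is the check the question found unusable under anonymous authentication. The three checks in Redeem are what turn a bare "user id plus time-stamp" parameter into something safe to accept from a query string: the MachineKey MAC stops anyone from forging or editing the account name, the lifetime bounds how long a leaked URL (browser history, proxy logs) stays useful, and the single-use nonce stops a captured token from being replayed inside that window. Both sites should be served over HTTPS so the token is not exposed in transit.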