Consider a site used for an intranet which should also be accessible from the internet. On the intranet you want to use Windows Authentication and on the internet you want the users to access the site using forms authentication.
Is it possible to set up a mixed-mode with these two? I just want to validate that the user is logged in with either of them without using two sites.
Windows Authentication refers to authenticating against Windows user accounts on the box that the application is running on. Forms authentication is a stand alone method of authenticating in . NET forms that you can hook up to some other system, such as a database.
To verify/change that settings go to IE > Tools > Internet Options > Security TAB > Custom Level > Scroll it to the end and look for User Authentication options.
You may want to look at a similar question: mixed mode authentication against AD and fallback to the database if it fail with Membership providers
In the answer I posit a solution using a facade. I have leveraged this approach to integrate AD on multiple domains, aspnet sql provider and a legacy authentication database with measurable success.
I know of no build-in way of doing this. But you can use a simple workaround:
Choose forms authentication as your primary authentication and map windows authentication to it. You can do so in the applications AuthenticateRequest using global.asax or a special http handler or module. Identify your intranet user in this request and set the forms authentication cookie using FormsAuthentication.SetAuthCookie programmatically.
I actually use this for a mixed mode forms and IP-Number authentication, but I think it would work for forms and windows auth too.
By the way: Maybe mixed mode forms and IP-Number authentication is a second solution for your problem. If your server is part of a DMZ you can detect your Intranet user by the IP number subnet.
Hei, I had seen this page talking about 2 level authentication with IIS7: IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication, and this other that has the same requirements as you: IIS mixed mode authentication for ASP.NET Applications -http://beaucrawford.net/post/IIS-ldquo3bmixed-moderdquo3b-authentication-for-ASPNET-Application.aspx, but I didn't try any, maybe it works for you? I guess you just have to adapt it for your needs.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With