
Mixing Windows Authentication with Forms Authentication

Consider a site used for an intranet which should also be accessible from the internet. On the intranet you want to use Windows Authentication and on the internet you want the users to access the site using forms authentication.

Is it possible to set up a mixed-mode with these two? I just want to validate that the user is logged in with either of them without using two sites.

Filip Ekberg asked Jul 06 '10 09:07




3 Answers

You may want to look at a similar question: mixed mode authentication against AD and fallback to the database if it fail with Membership providers

In the answer I posit a solution using a facade. I have leveraged this approach to integrate AD on multiple domains, aspnet sql provider and a legacy authentication database with measurable success.

Sky Sanders answered Dec 14 '22 08:12


I know of no built-in way of doing this. But you can use a simple workaround:

Choose forms authentication as your primary authentication and map Windows authentication to it. You can do so in the application's AuthenticateRequest using global.asax or a special HTTP handler or module. Identify your intranet user in this request and set the forms authentication cookie using FormsAuthentication.SetAuthCookie programmatically.

I actually use this for a mixed mode forms and IP-Number authentication, but I think it would work for forms and windows auth too.

By the way: Maybe mixed mode forms and IP-Number authentication is a second solution for your problem. If your server is part of a DMZ you can detect your Intranet user by the IP number subnet.

Dirk Brockhaus answered Dec 14 '22 07:12
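
The workaround described in the answer above, sketched as an added example (not code from the answer or from any project it mentions). It assumes web.config uses `<authentication mode="Forms">` and that IIS is configured so intranet requests reach the application already Windows-authenticated; the class name `Global` is the usual Global.asax code-behind name, used here as an assumption.

```csharp
// Global.asax.cs -- added illustration, not code from the answer.
// Assumptions: <authentication mode="Forms"> in web.config, and IIS hands
// intranet requests to the application already Windows-authenticated.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // A valid forms ticket was already accepted by FormsAuthenticationModule,
        // so this request needs no mapping.
        if (Context.User != null && Context.User.Identity.IsAuthenticated)
            return;

        // LOGON_USER is populated by IIS after it has authenticated the
        // connection and is empty for anonymous requests. Do not substitute a
        // request header (HTTP_* variables) here: headers are client-controlled.
        string windowsUser = Request.ServerVariables["LOGON_USER"];
        if (string.IsNullOrEmpty(windowsUser))
            return; // internet user: falls through to the forms login page

        // Issue a session-only forms ticket that carries the Windows account name.
        FormsAuthentication.SetAuthCookie(windowsUser, false);

        // SetAuthCookie only affects later requests, so set the principal for
        // the current request as well.
        Context.User = new GenericPrincipal(
            new GenericIdentity(windowsUser, "Forms"), new string[0]);
    }
}
```

Because both user populations end up holding the same forms cookie, the site's authorization rules apply uniformly, and that cookie is worth protecting with `requireSSL="true"` on the `<forms>` element.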


Hi, I had seen this page talking about 2 level authentication with IIS7: IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication, and this other that has the same requirements as you: IIS mixed mode authentication for ASP.NET Applications (http://beaucrawford.net/post/IIS-ldquo3bmixed-moderdquo3b-authentication-for-ASPNET-Application.aspx), but I didn't try any, maybe it works for you? I guess you just have to adapt it for your needs.

Richard answered Dec 14 '22 07:12