I'm using forms authentication and launching a site from Visual Studio 2010. It is using the Visual Studio Development (web) Server and not IIS. The web.config has:
<authentication mode="Forms">
<forms name=".MyApp" protection="All" cookieless="UseCookies"/>
</authentication>
The login page is using the ASP.NET login control. Before the user even logs in, I can see the following:
HttpContext.Current.Request.LogonUserIdentity.AuthenticationType == "NTLM"
HttpContext.Current.User.Identity == System.Security.Principal.GenericIdentity
HttpContext.Current.User.Identity.AuthenticationType == "NTLM"
This user seems to be authenticated as a local system user and not a web user. Doesn't this mean the user will always be authenticated, regardless of whether they logged into the site or not?
How is a web user NTLM?
As far as I know, Cassini does not support Windows authentication.
It runs as a local system account and that's what you see as NTLM authenticated.
If you are developing/debugging security features for an ASP.NET application (or WCF), I highly suggest you deploy to IIS.
If I'm not mistaken, you're seeing yourself as being the user (being authenticated) running Visual Studio (in your user context) when you are debugging using VS and its dev server.
Visual Studio runs in your context (your Windows user account/permissions, etc.) - Request.LogonUserIdentity.User
It shouldn't affect your debugging of Web Forms/Forms Authentication. After successful Forms Auth Login, you can obtain HttpContext.User.Identity.Name of the "forms auth user" (web user).
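
As an added example (not code from the question or either answer), this C# helper keeps the two identities discussed above apart: it treats a request as logged in only when the forms authentication module has attached a FormsIdentity with an unexpired ticket, and reports Request.LogonUserIdentity separately for diagnostics. The class and method names are hypothetical.

```csharp
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper: names are illustrative, not from the original thread.
public static class AuthDiagnostics
{
    // Returns the forms-authenticated user name, or null when the request
    // does not carry a valid forms authentication ticket.
    public static string GetFormsUserName(HttpContext context)
    {
        IPrincipal user = context.User;
        if (user == null)
            return null;

        // Only the forms authentication module produces a FormsIdentity, so a
        // GenericIdentity or WindowsIdentity reporting "NTLM" never passes here.
        FormsIdentity formsIdentity = user.Identity as FormsIdentity;
        if (formsIdentity == null || !formsIdentity.IsAuthenticated)
            return null;

        if (formsIdentity.Ticket == null || formsIdentity.Ticket.Expired)
            return null;

        return formsIdentity.Name;
    }

    // Builds a one-line summary of both identities for a trace or debug log.
    public static string Describe(HttpContext context)
    {
        // Windows identity reported for the request; under the Visual Studio
        // development server the thread above observes it as an NTLM account.
        WindowsIdentity logon = context.Request.LogonUserIdentity;
        IIdentity current = context.User != null ? context.User.Identity : null;
        string formsUser = GetFormsUserName(context);

        return string.Format(
            "LogonUserIdentity={0} ({1}); User.Identity={2} ({3}); FormsUser={4}",
            logon != null ? logon.Name : "<none>",
            logon != null ? logon.AuthenticationType : "<none>",
            current != null ? current.GetType().Name : "<none>",
            current != null ? current.AuthenticationType : "<none>",
            formsUser ?? "<not logged in>");
    }
}
```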