开发者

Using ASP.NET to create a windows authenticated token from a basic authenicated web site

开发者 https://www.devze.com 2023-01-11 14:17 出处:网络
Inside IIS I have a virtual directory which is protected by basic authentication. What I want to do is allow the user to authenticate themselves, then use an aspx page to create a windows token and re

Inside IIS I have a virtual directory which is protected by basic authentication. What I want to do is allow the user to authenticate themselves, then use an aspx page to create a windows token and redirect the user to an xbap insi开发者_C百科de a virtual directory secured by windows authentication.

The reason behind using the initial aspx page is due to an RSA server. I've been told that we need to use basic authentication to allow the users to validate themselves against AD and the RSA server.

I have tried using the LogonUser Windows API call which returns a validated WindowsIndentity but I'm either told that I'm unable to use this form of impersonation, or I redirect at which point IIS then asks for credentials again meaning it doesn't see the Windows token.

I've set up the web.config in the aspx page to use Forms authentication although it is IIS doing the actual authenticating. I've tried also using the FormsAuthentication.SetAuthCookie but that doesn't do any good either.

Anyone have any ideas? Really stuck and I know this should be possible.

Thanks


Hey, I guess my first question would be why you are doing this? If you need to use the users credentials directly, just configure Windows Authentication (won't that validate the users against AD if they are in a domain? I might be wrong here, it's been a while), if you are trying to use another account set it on the application pool that hosts you're applicaton.

To configure windows authentication on you're server see here:

http://www.iis.net/ConfigReference/system.webServer/security/authentication


Thanks for getting back to me. The users need to enter their account details as they won't be physically on the domain. I was told that it had to be basic authentication to allow IIS to secure the site using the RSA server.

The other reason for the Windows authentication token is that there is a WCF service that is also secured using Windows authentication that needs to be accessed by the xbap, so the users need to be verified and logged in to access it all.

I don't want to use a service account for the app pool, I need to use the user's domain account (customer requirement).

Thanks

0

精彩评论

暂无评论...
验证码 换一张
取 消