Windows / Forms Login

Posted on 2009-04-28
Last Modified: 2012-05-06
What to do&

I am building a portal for an office.  
I intend to offer a lot of user-specific customizations (like user-specific web parts and color schemes and content).
I want to take advantage of the .net personalization controls.
Those controls expect you to use forms authentication and to have a database that includes all of the default tables such as aspnet_PersonalizationPerUser

So far, I have used the Visual Studio web administration tool to set up page-level security, roles, membership etc. etc.  Although I used MS SQL SERVER (rather than the default MS sqlserver express database).

Everything works just fine. Users are directed to Login.aspx, they enter their user name and password, they are authenticated and they proceed to their home page.


I don't really want to have them enter their user name and password. The application is on a secure intranet and they are already logged in.  

I would like to cheat and simply automatically fill out and submit the Login form.  I can set the username on that form to Request.ServerVariables("LOGON_USER"), but I cannot set the password& it is read only of course.

I don't want to switch to Windows authentication because then I lose the ability to create simple and easy user customizations that rely on the database data that was created by using forms security and the Visual Studio web administration tool.

What might I do here?
Question by:santaspores1
    LVL 14

    Accepted Solution


    It is not recommended to skip the login page by filling out the username and password. But you can have one separate page which uses windows authentication to authenticate the user and allow them inside. You can do it by creating an aspx page LoginLDAP.aspx and include the following code in web.config file.


           <location path="LoginLDAP.aspx">
                            <allow users="?,*" />

    In the LoginLDAP.aspx.cs

                            string[] username = Request.ServerVariables["Logon_User"].Split('\\');
                      String loginName=username[1];
                      String domain=username[0];      

                            bool isCookiePersistent = false;
                      FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(Request.ServerVariables["Logon_User"], isCookiePersistent,60);

                      //Encrypt the ticket.
                      string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

                      //Create a cookie, and then add the encrypted ticket to the cookie as data.
                      HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                      if (true == isCookiePersistent)
                            authCookie.Expires = authTicket.Expiration;

                      //Add the cookie to the outgoing cookies collection.


    Author Closing Comment

    Thank you so much for this help.  Two additional questions (only if you have time):
    1. How do I tell my app that the default login page will now be LoginLDAP rather than login?
    2. Do you happen to have a vb version of this code?

    Thank you so much for this help!

    Author Comment

    Thank you so much for this help. It is exactly the sort of thing I was looking for.
    Two follow up questions (only if you have time):
    1. How do I tell my app that the default login page will now be LoginLDAP rather than Login? There isn't anything in web.config that specified the default login page and I don't think this is an IIS specification to the application...
    2. Do you happen to have a vb version of this code?
    LVL 14

    Expert Comment


    1. If you wan't to keep LoginLDAP.aspx as the default login page, they you can't use Forms Authentication in your website because you LoginLDAP.aspx page uses Windows Authentication by default.

    2. The VB version of the code.

    Dim username As String() = Request.ServerVariables("Logon_User").Split("\"c)
    Dim loginName As [String] = username(1)
    Dim domain As [String] = username(0)

    Dim isCookiePersistent As Boolean = False
    Dim authTicket As New FormsAuthenticationTicket(Request.ServerVariables("Logon_User"), isCookiePersistent, 60)

    'Encrypt the ticket.
    Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)

    'Create a cookie, and then add the encrypted ticket to the cookie as data.
    Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

    If True = isCookiePersistent Then
        authCookie.Expires = authTicket.Expiration
    End If

    'Add the cookie to the outgoing cookies collection.


    Author Comment

    I guess I don't understand.  The whole goal is not require users to have to type their name and password in order to access these applications... while still using forms authentication so that I can use the associated database tables for managing personalization data.

    If I am still using Login.aspx then users have to type their name and password and undergo forms authentication... when would they ever hit LoginLDAP?
    LVL 14

    Expert Comment

    You can still have Login.aspx. In the same Login.aspx page have a button or link saying "Login with Windows Credentials" and point the url to LoginLDAP.aspx. Users have to just click on the link to get redirected to the LoginLDAP.aspx.

    Author Comment

    John - everything is smooth like butter - thanks to you - I appreciate your time!

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
    ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video discusses moving either the default database or any database to a new volume.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now