[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows / Forms Login

Posted on 2009-04-28
7
Medium Priority
?
231 Views
Last Modified: 2012-05-06
What to do&

I am building a portal for an office.  
I intend to offer a lot of user-specific customizations (like user-specific web parts and color schemes and content).
I want to take advantage of the .net personalization controls.
Those controls expect you to use forms authentication and to have a database that includes all of the default tables such as aspnet_PersonalizationPerUser

So far, I have used the Visual Studio web administration tool to set up page-level security, roles, membership etc. etc.  Although I used MS SQL SERVER (rather than the default MS sqlserver express database).

Everything works just fine. Users are directed to Login.aspx, they enter their user name and password, they are authenticated and they proceed to their home page.

BUT

I don't really want to have them enter their user name and password. The application is on a secure intranet and they are already logged in.  

I would like to cheat and simply automatically fill out and submit the Login form.  I can set the username on that form to Request.ServerVariables("LOGON_USER"), but I cannot set the password& it is read only of course.

I don't want to switch to Windows authentication because then I lose the ability to create simple and easy user customizations that rely on the database data that was created by using forms security and the Visual Studio web administration tool.

What might I do here?
0
Comment
Question by:santaspores1
  • 4
  • 3
7 Comments
 
LVL 14

Accepted Solution

by:
GiftsonDJohn earned 2000 total points
ID: 24257659
Hi,

It is not recommended to skip the login page by filling out the username and password. But you can have one separate page which uses windows authentication to authenticate the user and allow them inside. You can do it by creating an aspx page LoginLDAP.aspx and include the following code in web.config file.

<configurations>
.
.
.
.

       <location path="LoginLDAP.aspx">
            <system.web>
                  <authorization>
                        <allow users="?,*" />
                  </authorization>
            </system.web>
      </location>
<configurations>

In the LoginLDAP.aspx.cs

                        string[] username = Request.ServerVariables["Logon_User"].Split('\\');
                  String loginName=username[1];
                  String domain=username[0];      

                        bool isCookiePersistent = false;
                  FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(Request.ServerVariables["Logon_User"], isCookiePersistent,60);

                  //Encrypt the ticket.
                  string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

                  //Create a cookie, and then add the encrypted ticket to the cookie as data.
                  HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                  if (true == isCookiePersistent)
                        authCookie.Expires = authTicket.Expiration;

                  //Add the cookie to the outgoing cookies collection.
                  Response.Cookies.Add(authCookie);

0
 

Author Closing Comment

by:santaspores1
ID: 31575540
Thank you so much for this help.  Two additional questions (only if you have time):
1. How do I tell my app that the default login page will now be LoginLDAP rather than login?
2. Do you happen to have a vb version of this code?

Thank you so much for this help!
0
 

Author Comment

by:santaspores1
ID: 24260467
Thank you so much for this help. It is exactly the sort of thing I was looking for.
Two follow up questions (only if you have time):
1. How do I tell my app that the default login page will now be LoginLDAP rather than Login? There isn't anything in web.config that specified the default login page and I don't think this is an IIS specification to the application...
2. Do you happen to have a vb version of this code?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24260552
Hi,

1. If you wan't to keep LoginLDAP.aspx as the default login page, they you can't use Forms Authentication in your website because you LoginLDAP.aspx page uses Windows Authentication by default.

2. The VB version of the code.

Dim username As String() = Request.ServerVariables("Logon_User").Split("\"c)
Dim loginName As [String] = username(1)
Dim domain As [String] = username(0)

Dim isCookiePersistent As Boolean = False
Dim authTicket As New FormsAuthenticationTicket(Request.ServerVariables("Logon_User"), isCookiePersistent, 60)

'Encrypt the ticket.
Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)

'Create a cookie, and then add the encrypted ticket to the cookie as data.
Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

If True = isCookiePersistent Then
    authCookie.Expires = authTicket.Expiration
End If

'Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie)

0
 

Author Comment

by:santaspores1
ID: 24261485
I guess I don't understand.  The whole goal is not require users to have to type their name and password in order to access these applications... while still using forms authentication so that I can use the associated database tables for managing personalization data.

If I am still using Login.aspx then users have to type their name and password and undergo forms authentication... when would they ever hit LoginLDAP?
0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24261580
You can still have Login.aspx. In the same Login.aspx page have a button or link saying "Login with Windows Credentials" and point the url to LoginLDAP.aspx. Users have to just click on the link to get redirected to the LoginLDAP.aspx.
0
 

Author Comment

by:santaspores1
ID: 24261771
John - everything is smooth like butter - thanks to you - I appreciate your time!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month17 days, 15 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question