Pass-Through Authentication from Active Directory to ASP.Net

I have an ASP.Net application using forms authentication against an SQL database which also provides roles and other privileges based upon the user ID.  We want to integrate the application with Active Directory to provide a single login to the user.  Then when the user attempts to access the ASP.Net application the user identity will be obtained from the network login, the SQL database queried to set roles (if they have an account with roles defined…otherwise redirect to page instructing them to request an account), set their session variables, and redirect them to the appropriate page.  Seems simple enough.

Here’s what I could use some assistance with:
1.  What security settings are required for IIS 6.0 to work with ASP.Net and this authentication method?  Remove “Anonymous Access” and use “Integrated Windows Authentication”?
2.  Is the authentication method in web.config now “Windows” rather than “Forms Authentication”?  If I’m getting the user identify from the network login all I need to do is get their roles from the database and set their long as the session has not expired the user can access what their roles allow in the application.
3.  How can I best simulate a domain/AD environment on an XP development laptop?  Or do I just use windows authentication in XP as a “network like” login…in other words a different authentication approach in development versus production.  I do have remote access to a development system that is identical to production but only test what has been developed on the XP laptop.

My experience is data management and web applications and I have very little experience or knowledge with server configurations or active directory.  Any input, code examples, links, would be appreciated.  Thanks!
Who is Participating?
guru_samiConnect With a Mentor Commented:
-->We want to integrate the application with Active Directory to provide a single login to the user.
So now do you want to move completely to Windows authentication or part of your users will still use SQL Login?
If just Windows, yes you need to set Mode="Windows" in the web.config and set Intergrated Windows with no anonymous access.
If both then you will need a bit of work.
for Roles this might be helpful:
heathdeAuthor Commented:
The SQL database will still be used for roles and other user privileges within the application.  All we need to do is get the authenticated user id from the Network login and query the database for roles and set the session variables.
HairbrushConnect With a Mentor Commented:
If your development laptop running XP is not part of an Active Directory domain, you can still test as if it were by creating local users and groups (go to control panel, click "Administrative Tools" and select "Computer Management" then "Local Users and Groups".

Your "domain" will be your computer name.
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

-->All we need to do is get the authenticated user id from the Network login and query the database for roles
Ok then the link provided should help you. Did you try that?
heathdeAuthor Commented:
I'm actually reviewing that article and related links right now...
heathdeAuthor Commented:
Thanks for your responses...both replies provided direction for a solution.  We've decided on a hybrid model using AD authentication, denying anonymous users in IIS, then querying our account database for roles based upon the authenticated user id, and finally issuing a forms authentication ticket if an account exists.  Thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.