Mosquitoe
asked on
Windows Authentication with an initial splash page without authentication
Hi all, We want to use Windows Authentication but need to be able to go to a splash screen where the user chooses their language preference before going to the logon screen. How do we delay authentication until after the user gets to their logon screen?
Below is all the applicable code related to Windows Authentication from web.config, Global.asax, the logon page and the LDAP class.
Any help is appreciated,
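<!-- This is ASP.NET Forms authentication, not Windows authentication: the
     logon page code checks the credentials against the directory itself and
     then issues the forms cookie named below. -->
<authentication mode="Forms">
  <!-- NOTE(review): the forms element also accepts requireSSL="true", which
       marks the ticket cookie Secure. Enable it only if the whole site is
       served over HTTPS; confirm before changing. -->
  <forms loginUrl="/Web/Default-Default.aspx" name="adAuthCookie" timeout="60" path="/" >
  </forms>
</authentication>
<authorization>
  <!-- deny users="?" rejects every anonymous request under this configuration,
       so any page without a ticket is redirected to loginUrl. A page that must
       be reachable before logon needs its own location element, for example
       location path="SPLASH_PAGE_PLACEHOLDER.aspx" containing an authorization
       section with allow users="*". Keep that exception limited to the single
       page so everything else stays protected. -->
  <deny users="?" />
  <allow users="*" />
</authorization>
<!-- NOTE(review): with Forms authentication the impersonated identity is the
     account IIS authenticated for the request (presumably the anonymous
     account), not the user who signed in through the form. Confirm this is
     the identity the directory queries are expected to run under. -->
<identity impersonate="true" />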
Global.asax
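''' <summary>
''' Rebuilds the request principal from the forms-authentication cookie.
''' The ticket's UserData holds the pipe-delimited group names written by the
''' logon page; they become the roles of a GenericPrincipal for this request.
''' </summary>
''' <remarks>
''' The group list is a snapshot taken at logon. A change to the user's
''' directory group membership is not seen here until a new ticket is issued.
''' </remarks>
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires upon attempting to authenticate the user.
    Dim cookieName As String = FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
    If (authCookie Is Nothing) Then
        ' There is no authentication cookie; the request stays anonymous.
        Return
    End If

    Dim authTicket As FormsAuthenticationTicket = Nothing
    Try
        authTicket = FormsAuthentication.Decrypt(authCookie.Value)
    Catch ex As Exception
        ' A cookie that cannot be decrypted is treated as absent. Record only
        ' the exception type; the cookie value is never written to the log.
        System.Diagnostics.Trace.WriteLine("Forms authentication ticket rejected: " & ex.GetType().FullName)
        Return
    End Try

    If (authTicket Is Nothing) Then
        ' Cookie failed to decrypt.
        Return
    End If

    ' Decrypt does not itself reject a stale ticket, so check expiry here
    ' before building a principal from it.
    If authTicket.Expired Then
        Return
    End If

    ' When the ticket was created, the UserData property was assigned a
    ' pipe-delimited string of group names.
    Dim userData As String = authTicket.UserData
    If userData Is Nothing Then
        userData = String.Empty
    End If
    Dim groups As String() = userData.Split(New Char() {"|"c})

    ' Create an identity.
    Dim id As GenericIdentity = New GenericIdentity(authTicket.Name, "LdapAuthentication")

    ' This principal flows throughout the request.
    Dim principal As GenericPrincipal = New GenericPrincipal(id, groups)
    Context.User = principal
End Sub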
Logon
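''' <summary>
''' Validates the submitted domain, user name and password against the
''' directory and, on success, issues a forms-authentication ticket whose
''' UserData carries the user's pipe-delimited group names.
''' </summary>
''' <remarks>
''' Every failure shows the same generic message. Directory error text is
''' written to the trace log only, so the page does not reveal whether the
''' account exists or how the directory is configured.
''' </remarks>
Sub Login_Click(ByVal sender As Object, ByVal e As EventArgs)
    Dim adPath As String = "LDAP://ncr.ec.gc.ca" 'Path to your LDAP directory server
    Dim adAuth As LdapAuthentication = New LdapAuthentication(adPath)
    Dim redirectUrl As String = Nothing

    Try
        If adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text) Then
            Dim groups As String = adAuth.GetGroups()
            If groups Is Nothing Then
                ' GetGroups returns Nothing when a group DN cannot be parsed.
                ' Issue the ticket with no roles rather than a null UserData.
                groups = String.Empty
            End If

            ' Create the ticket, and add the groups. The ticket is not
            ' persistent and no Expires is set on the cookie below, so the
            ' browser holds it as a session cookie.
            Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
                txtUserName.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False, groups)

            ' Encrypt the ticket.
            Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)

            ' Create a cookie, and then add the encrypted ticket to the cookie as data.
            Dim authCookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            ' Keep the ticket away from client script, and mark it Secure
            ' whenever the forms configuration requires SSL.
            authCookie.HttpOnly = True
            authCookie.Secure = FormsAuthentication.RequireSSL

            ' Add the cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie)

            redirectUrl = FormsAuthentication.GetRedirectUrl(txtUsername.Text, False)
        Else
            errorLabel.Text = "Authentication did not succeed. Check user name and password."
        End If
    Catch ex As Exception
        ' A rejected bind surfaces here as an exception from IsAuthenticated.
        ' Keep the detail on the server and show the generic message.
        System.Diagnostics.Trace.WriteLine("Login failed with " & ex.GetType().FullName & ": " & ex.Message)
        errorLabel.Text = "Authentication did not succeed. Check user name and password."
    End Try

    ' Redirect outside the Try block: Response.Redirect ends the request by
    ' aborting the thread, which the Catch above would otherwise intercept.
    If Not (redirectUrl Is Nothing) Then
        Response.Redirect(redirectUrl)
    End If
End Sub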
LdapAuthenticate
Imports System
Imports System.Text
Imports System.Collections
Imports System.DirectoryServices
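Namespace FormsAuth
    ''' <summary>
    ''' Checks credentials by binding to a directory and reads the
    ''' authenticated user's group names for use as forms-authentication roles.
    ''' </summary>
    Public Class LdapAuthentication
        ' Directory path; replaced by the user's own entry path after a
        ' successful IsAuthenticated call.
        Dim _path As String
        ' The cn of the authenticated user, used by GetGroups as its filter.
        Dim _filterAttribute As String

        ''' <summary>Creates an authenticator for the given directory path.</summary>
        ''' <param name="path">Directory path to bind to.</param>
        Public Sub New(ByVal path As String)
            _path = path
        End Sub

        ''' <summary>
        ''' Escapes a value for use inside an LDAP search filter (RFC 4515) so
        ''' that text typed by the user cannot change the filter's structure.
        ''' </summary>
        Private Shared Function EscapeLdapFilterValue(ByVal value As String) As String
            If value Is Nothing Then
                Return String.Empty
            End If

            Dim escaped As StringBuilder = New StringBuilder(value.Length + 8)
            For Each ch As Char In value
                Select Case ch
                    Case "\"c
                        escaped.Append("\5c")
                    Case "*"c
                        escaped.Append("\2a")
                    Case "("c
                        escaped.Append("\28")
                    Case ")"c
                        escaped.Append("\29")
                    Case ChrW(0)
                        escaped.Append("\00")
                    Case Else
                        escaped.Append(ch)
                End Select
            Next
            Return escaped.ToString()
        End Function

        ''' <summary>
        ''' Binds to the directory as domain\username and looks up the matching
        ''' account entry.
        ''' </summary>
        ''' <param name="domain">Domain portion of the logon name.</param>
        ''' <param name="username">Account name; matched against SAMAccountName.</param>
        ''' <param name="pwd">Password used for the bind.</param>
        ''' <returns>
        ''' True when the bind succeeds and the account entry is found; False
        ''' when the user name or password is empty or no entry matches.
        ''' </returns>
        ''' <exception cref="Exception">
        ''' The bind or the search failed. The message contains directory error
        ''' text and is meant for logs, not for display to the user.
        ''' </exception>
        Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
            ' Never attempt a bind with a blank user name or password: some
            ' directory configurations accept that as an anonymous bind, which
            ' must not count as a successful logon.
            If username Is Nothing OrElse username.Length = 0 OrElse pwd Is Nothing OrElse pwd.Length = 0 Then
                Return False
            End If

            Dim domainAndUsername As String = domain & "\" & username
            ' NOTE(review): no AuthenticationTypes value is passed, so how the
            ' password travels to the server depends on the framework default
            ' and the directory configuration. Confirm the bind is not sent in
            ' clear text over this LDAP:// path.
            Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd)
            Dim search As DirectorySearcher = Nothing

            Try
                'Bind to the native AdsObject to force authentication.
                Dim obj As Object = entry.NativeObject

                search = New DirectorySearcher(entry)
                ' The user name comes straight from the logon form, so it is
                ' escaped before being placed in the filter.
                search.Filter = "(SAMAccountName=" & EscapeLdapFilterValue(username) & ")"
                search.PropertiesToLoad.Add("cn")

                Dim result As SearchResult = search.FindOne()
                If (result Is Nothing) Then
                    Return False
                End If

                'Update the new path to the user in the directory.
                _path = result.Path
                _filterAttribute = CType(result.Properties("cn")(0), String)
            Catch ex As Exception
                ' Same exception type as before; the original is kept as the
                ' inner exception so the cause is not lost.
                Throw New Exception("Error authenticating user. " & ex.Message, ex)
            Finally
                ' Release the directory handles on every path out of the Try.
                If Not (search Is Nothing) Then
                    search.Dispose()
                End If
                entry.Dispose()
            End Try

            Return True
        End Function

        ''' <summary>
        ''' Reads the memberOf values of the entry whose cn was recorded by
        ''' IsAuthenticated and returns the first name component of each group.
        ''' </summary>
        ''' <returns>
        ''' Group names, each followed by "|"; Nothing when a group
        ''' distinguished name contains no "=" after its first character.
        ''' </returns>
        ''' <exception cref="Exception">The directory search failed or found no entry.</exception>
        Public Function GetGroups() As String
            ' NOTE(review): DirectorySearcher(String) takes a filter, not a
            ' search root, so _path does not scope this search; the filter is
            ' replaced on the next line. cn is not guaranteed to be unique, so
            ' confirm the entry found is the user who just authenticated.
            Dim search As DirectorySearcher = New DirectorySearcher(_path)
            search.Filter = "(cn=" & EscapeLdapFilterValue(_filterAttribute) & ")"
            search.PropertiesToLoad.Add("memberOf")
            Dim groupNames As StringBuilder = New StringBuilder()

            Try
                Dim result As SearchResult = search.FindOne()
                If result Is Nothing Then
                    Throw New InvalidOperationException("No directory entry matched the authenticated user.")
                End If

                Dim propertyCount As Integer = result.Properties("memberOf").Count
                Dim dn As String
                Dim equalsIndex As Integer
                Dim commaIndex As Integer
                Dim propertyCounter As Integer

                For propertyCounter = 0 To propertyCount - 1
                    dn = CType(result.Properties("memberOf")(propertyCounter), String)
                    equalsIndex = dn.IndexOf("=", 1)
                    commaIndex = dn.IndexOf(",", 1)
                    If (equalsIndex = -1) Then
                        Return Nothing
                    End If

                    If commaIndex > equalsIndex Then
                        groupNames.Append(dn.Substring(equalsIndex + 1, (commaIndex - equalsIndex) - 1))
                    Else
                        ' No separator after the first component: take the rest
                        ' of the name instead of failing on a negative length.
                        groupNames.Append(dn.Substring(equalsIndex + 1))
                    End If
                    ' "|" is the role delimiter; a group name that itself
                    ' contains "|" would be split into two roles by the reader.
                    groupNames.Append("|")
                Next
            Catch ex As Exception
                Throw New Exception("Error obtaining group names. " & ex.Message, ex)
            Finally
                search.Dispose()
            End Try

            Return groupNames.ToString()
        End Function
    End Class
End Namespace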
ASKER
Sorry it took so long to respond to this - thank you for your suggestions; we did end up going to DB with username and password
ASKER