
ASP.net IIS - if integrated authentication fails, fall back to form based?

Posted on 2012-08-28
Last Modified: 2012-08-29
Hi all,

What I want to be able to do is this: 1 group of users has integrated authentication against my internal website, but if someone outside that group wants to connect, they would get prompted with forms-based authentication.

EDIT: This is based on Active Directory authentication.

Is this possible?

Thanks
Question by:awilderbeast
LVL 35

Expert Comment

by:Paul MacDonald
ID: 38341929
It should be.  Just check if the currently logged in user is a member of that AD group and, if not, redirect them to a page where they can log in.  

Here's one way to do this:

    Public Function GetADGroups() As ArrayList
        '##########
        '### Returns an array of Active Directory groups the current user belongs to

        Dim aryGroups As New ArrayList()
        For Each irefGroup As System.Security.Principal.IdentityReference In System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups
            aryGroups.Add(irefGroup.Translate(GetType(System.Security.Principal.NTAccount)).ToString.ToLower)
        Next
        Return aryGroups
    End Function


You could modify my code to check for a particular group and do something based on whether or not it exists in the list.  I do things a little differently, but this should accomplish what you want.
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 38344873
Can you show me this function in C#?

For example:

if (ADUser.groups != "GROUPNAME")
{
  redirect loginform.aspx
}
integrated Authentication;
0
 
LVL 35

Expert Comment

by:Paul MacDonald
ID: 38345066
Courtesy of http://www.developerfusion.com/tools/convert/vb-to-csharp/

    using System.Collections; // ArrayList lives here

    public ArrayList GetADGroups()
    {
        //##########
        //### Returns an array of Active Directory groups the current user belongs to

        ArrayList aryGroups = new ArrayList();
        foreach (System.Security.Principal.IdentityReference irefGroup in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
        {
            // Translate each group SID to its DOMAIN\name form, lower-cased for comparison
            aryGroups.Add(irefGroup.Translate(typeof(System.Security.Principal.NTAccount)).ToString().ToLower());
        }
        return aryGroups;
    }
0
LVL 1

Author Comment

by:awilderbeast
ID: 38345376
OK, so I can do an if statement to check for AD groups. Then, if a user is not in AD and I redirect to the login form, how will the web config know to take the form credentials and not the integrated credentials it would take for the AD group?

Thanks
0
 
LVL 35

Accepted Solution

by:
Paul MacDonald earned 2000 total points
ID: 38345427
You'll likely have to use some sort of session variable to keep track of who is authenticated and who isn't. If they're in your AD group, you can set the flag to true in the code above and let them go about their business. If they're not in the AD group, you'll have to use the code above to send them to a login page and (if they're successful) set the flag there.
0
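The flow described in the accepted answer, sketched in C# as an added example that is not part of the original thread. It uses WindowsPrincipal.IsInRole instead of scanning the GetADGroups list, and the group name, session key, login page path and the class and method names are assumptions made for illustration.

```csharp
using System.Security.Principal;
using System.Web;

// Added example, not code from the thread. The group name, session key and
// login page path below are placeholders chosen for illustration.
public static class MixedAuthGate
{
    private const string AllowedGroup = @"EXAMPLE\IntranetUsers"; // placeholder
    private const string SessionFlag  = "IsAuthenticated";        // placeholder
    private const string LoginPage    = "~/LoginForm.aspx";       // placeholder

    // True only when the request carries an authenticated Windows identity
    // that belongs to the allowed AD group. IsInRole resolves the group name
    // to a SID, so no lower-cased string comparison is involved.
    public static bool IsInAllowedGroup(WindowsIdentity identity)
    {
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
            return false;
        return new WindowsPrincipal(identity).IsInRole(AllowedGroup);
    }

    // Call at the start of every protected page (for example in Page_Load).
    // The login page itself must not call this, or it would redirect to itself.
    public static void EnsureAuthenticated(HttpContext context)
    {
        // Flag already set by an earlier request in this session.
        if (true.Equals(context.Session[SessionFlag]))
            return;

        if (IsInAllowedGroup(context.Request.LogonUserIdentity))
        {
            context.Session[SessionFlag] = true;
            return;
        }

        // Not in the group: send the user to the forms login. Passing true
        // ends the response so the protected page never renders.
        context.Response.Redirect(LoginPage, true);
    }

    // Call from the login page only after the submitted credentials have
    // been validated; this is the second place the flag gets set.
    public static void MarkFormsLoginSucceeded(HttpContext context)
    {
        context.Session[SessionFlag] = true;
    }
}
```

Because the decision is cached in the session, a change in AD group membership only takes effect once the user starts a new session.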
 
LVL 1

Author Closing Comment

by:awilderbeast
ID: 38346008
thanks
0
