awilderbeast asked:

ASP.net IIS - if integrated authentication fails, fall back to form based?

Hi all,

What I want to be able to do is: one group of users has integrated authentication against my internal website, but if someone outside that group wants to connect, they would get prompted with forms-based authentication.

EDIT: this is based on Active Directory authentication.

Is this possible?

Thanks
Paul MacDonald

It should be.  Just check if the currently logged in user is a member of that AD group and, if not, redirect them to a page where they can log in.  

Here's one way to do this:

  Public Function GetADGroups() As ArrayList
    '##########
    '### Returns an array of Active Directory groups the current user belongs to

    Dim aryGroups As New ArrayList()
    For Each irefGroup As System.Security.Principal.IdentityReference In System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups
      aryGroups.Add(irefGroup.Translate(GetType(System.Security.Principal.NTAccount)).ToString.ToLower)
    Next
    Return aryGroups
  End Function


You could modify my code to check for a particular group and do something based on whether or not it exists in the list.  I do things a little differently, but this should accomplish what you want.

awilderbeast (ASKER)

Can you show me this function in C#?

For example..

if (ADUser.groups != "GROUPNAME")
{
  redirect loginform.aspx
}
integrated Authentication;

Courtesy of http://www.developerfusion.com/tools/convert/vb-to-csharp/

// Requires: using System.Collections;
public ArrayList GetADGroups()
{
    //##########
    //### Returns an array of Active Directory groups the current user belongs to
    //### (names are lower-cased, in DOMAIN\group form)

    ArrayList aryGroups = new ArrayList();
    foreach (System.Security.Principal.IdentityReference irefGroup in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
    {
        aryGroups.Add(irefGroup.Translate(typeof(System.Security.Principal.NTAccount)).ToString().ToLower());
    }
    return aryGroups;
}
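
An added example, not code from either poster: the group check and redirect described above, written so that an unauthenticated caller or a group SID that cannot be translated to a name results in "not a member" rather than an exception. The class name `GroupGate` and the group name `EXAMPLE\IntranetUsers` are assumptions for illustration; `loginform.aspx` is the page named in the question.

```csharp
using System;
using System.Security.Principal;
using System.Web;

public static class GroupGate
{
    // Hypothetical values: substitute your own AD group and login page.
    private const string RequiredGroup = @"EXAMPLE\IntranetUsers";
    private const string LoginPage = "~/loginform.aspx";

    // True only if the Windows identity is authenticated and one of its
    // group SIDs translates to the given DOMAIN\group name.
    public static bool IsInGroup(WindowsIdentity identity, string groupName)
    {
        if (identity == null || !identity.IsAuthenticated ||
            identity.IsAnonymous || identity.Groups == null)
        {
            return false; // fail closed: no usable Windows identity
        }

        foreach (IdentityReference sid in identity.Groups)
        {
            try
            {
                string name = sid.Translate(typeof(NTAccount)).Value;
                if (string.Equals(name, groupName, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }
            catch (IdentityNotMappedException)
            {
                // SID has no resolvable name (e.g. a deleted group); skip it.
            }
        }
        return false;
    }

    // Call early in the request (e.g. from Page_Load of a protected page).
    public static void RequireGroupOrRedirect(HttpContext context)
    {
        if (IsInGroup(context.Request.LogonUserIdentity, RequiredGroup))
        {
            return; // member of the group: continue with integrated auth
        }
        // endResponse = true stops the rest of the page from executing.
        context.Response.Redirect(LoginPage, true);
    }
}
```
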

OK, so I can do an if statement to check for AD groups. Then, if a user is not in AD and I redirect to the login form, how will the web config know to take the form credentials and not the integrated credentials it would take for the AD group?

Thanks
ASKER CERTIFIED SOLUTION
Paul MacDonald

This solution is only available to members.
thanks