[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ASP.Net Windows Authentication Question vs Forms Auth

Posted on 2013-05-15
2
Medium Priority
?
419 Views
Last Modified: 2013-05-21
Hello all,

I should know this by now but I forget as I usually handle authentication via forms auth.   So we have a single sign-on type app where in IIS I have enabled Windows Auth only of course and disabled Anonymous.   I also have a sql table called User that allows us to have a user administration screen to select Active Directory users and it add that user to our user sql server table with Username etc.   So essentially I could take the User.Identity.Name and check that table because I want to setup custom roles for users and I also don't want to allow all users on the network to use the application.  

My question is if Window Auth is set in IIS that allows us to hit the site without having a login page but I don't want to allow everyone to hit the site without validating first against my user table.  

Is it common that once they hit the site you take the User.Identity.Name then validate against a SQL Server table of users then set in Forms Authentication cookie at that point?  This way any URL they hit within the site it is MVC based application so any route that hits the IIS box forms authentication would kick them out?  Confused on how to allow the user to access any URL based on Windows Auth.   I dont think forms auth would work anyway because you cant enable Anonymous on the IIS as well or the identity does not work.

Hope this makes some sense.
0
Comment
Question by:sbornstein2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 10

Accepted Solution

by:
eguilherme earned 1000 total points
ID: 39171083
Since anonymous is disabled, you could check the value of:
Request.ServerVariables("LOGON_USER")

Open in new window


and check against your user table to set/not set the forms ticket
0
 

Author Closing Comment

by:sbornstein2
ID: 39185723
thanks
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my previous two articles we discussed Binary Serialization (http://www.experts-exchange.com/A_4362.html) and XML Serialization (http://www.experts-exchange.com/A_4425.html). In this article we will try to know more about SOAP (Simple Object Acces…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question