asked on
ASP.Net Windows Authentication Question vs Forms Auth
Hello all,
I should know this by now but I forget as I usually handle authentication via forms auth. So we have a single sign-on type app where in IIS I have enabled Windows Auth only of course and disabled Anonymous. I also have a sql table called User that allows us to have a user administration screen to select Active Directory users and it add that user to our user sql server table with Username etc. So essentially I could take the User.Identity.Name and check that table because I want to setup custom roles for users and I also don't want to allow all users on the network to use the application.
My question is if Window Auth is set in IIS that allows us to hit the site without having a login page but I don't want to allow everyone to hit the site without validating first against my user table.
Is it common that once they hit the site you take the User.Identity.Name then validate against a SQL Server table of users then set in Forms Authentication cookie at that point? This way any URL they hit within the site it is MVC based application so any route that hits the IIS box forms authentication would kick them out? Confused on how to allow the user to access any URL based on Windows Auth. I dont think forms auth would work anyway because you cant enable Anonymous on the IIS as well or the identity does not work.
Hope this makes some sense.
I should know this by now but I forget as I usually handle authentication via forms auth. So we have a single sign-on type app where in IIS I have enabled Windows Auth only of course and disabled Anonymous. I also have a sql table called User that allows us to have a user administration screen to select Active Directory users and it add that user to our user sql server table with Username etc. So essentially I could take the User.Identity.Name and check that table because I want to setup custom roles for users and I also don't want to allow all users on the network to use the application.
My question is if Window Auth is set in IIS that allows us to hit the site without having a login page but I don't want to allow everyone to hit the site without validating first against my user table.
Is it common that once they hit the site you take the User.Identity.Name then validate against a SQL Server table of users then set in Forms Authentication cookie at that point? This way any URL they hit within the site it is MVC based application so any route that hits the IIS box forms authentication would kick them out? Confused on how to allow the user to access any URL based on Windows Auth. I dont think forms auth would work anyway because you cant enable Anonymous on the IIS as well or the identity does not work.
Hope this makes some sense.
ASP.NET.NET Programming
Last Comment
sbornstein2
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thanks