?
Solved

ASP.Net Windows Authentication Question vs Forms Auth

Posted on 2013-05-15
2
Medium Priority
?
422 Views
Last Modified: 2013-05-21
Hello all,

I should know this by now but I forget as I usually handle authentication via forms auth.   So we have a single sign-on type app where in IIS I have enabled Windows Auth only of course and disabled Anonymous.   I also have a sql table called User that allows us to have a user administration screen to select Active Directory users and it add that user to our user sql server table with Username etc.   So essentially I could take the User.Identity.Name and check that table because I want to setup custom roles for users and I also don't want to allow all users on the network to use the application.  

My question is if Window Auth is set in IIS that allows us to hit the site without having a login page but I don't want to allow everyone to hit the site without validating first against my user table.  

Is it common that once they hit the site you take the User.Identity.Name then validate against a SQL Server table of users then set in Forms Authentication cookie at that point?  This way any URL they hit within the site it is MVC based application so any route that hits the IIS box forms authentication would kick them out?  Confused on how to allow the user to access any URL based on Windows Auth.   I dont think forms auth would work anyway because you cant enable Anonymous on the IIS as well or the identity does not work.

Hope this makes some sense.
0
Comment
Question by:sbornstein2
2 Comments
 
LVL 10

Accepted Solution

by:
eguilherme earned 1000 total points
ID: 39171083
Since anonymous is disabled, you could check the value of:
Request.ServerVariables("LOGON_USER")

Open in new window


and check against your user table to set/not set the forms ticket
0
 

Author Closing Comment

by:sbornstein2
ID: 39185723
thanks
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question