I want to be able to authenticate an NT username/password combination through an ASP.NET site, completely separate from the username that's recognized through Request.ServerVariables("LOGON_USER") and the like. There are accounts that will have the rights to completely override others, but the users will still have to enter the correct password to do so.

I tried using the LoginUser function from advapi32.dll, but that only tries the login for the local machine (which would be the application server). Is there something that will work for checking the network in general?

+1  A: 

You could authenticate against Active Directory.

An ASP.NET application can use Forms authentication to permit users to authenticate against Active Directory using the Lightweight Directory Access Protocol (LDAP). After the user is authenticated and redirected, you can use the Application_AuthenticateRequest method of the Global.asax file to store a GenericPrincipal object in the HttpContext.User property that flows throughout the request.

http://msdn.microsoft.com/en-us/library/ms180890

Robert Harvey
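
The approach in this answer, as an added example (not code from the answer or from the linked MSDN article): the login page validates the submitted credentials with an LDAP bind to a domain controller, and `Application_AuthenticateRequest` then wraps the Forms identity in a `GenericPrincipal`. The class name `AdLogin`, the domain `EXAMPLE`, the server `dc01.example.local` and the empty role list are placeholder assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class AdLogin
{
    // Assumed placeholders: replace with your own domain and domain controller.
    const string Domain = "EXAMPLE";
    const string LdapServer = "dc01.example.local";

    // Returns true only if the directory accepts a bind with these credentials.
    public static bool Validate(string user, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind and
        // can succeed (RFC 4513), so reject empty input before contacting AD.
        if (string.IsNullOrWhiteSpace(user) || string.IsNullOrEmpty(password))
            return false;

        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(LdapServer)))
        {
            conn.AuthType = AuthType.Negotiate;   // Kerberos/NTLM, no cleartext password
            conn.SessionOptions.Signing = true;   // integrity-protect the session
            conn.SessionOptions.Sealing = true;   // encrypt the session
            try
            {
                conn.Bind(new NetworkCredential(user, password, Domain));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // LDAP invalidCredentials
            {
                return false; // other errors propagate: an outage is not a bad password
            }
        }
    }
}

public class Global : HttpApplication
{
    // Runs after the Forms authentication module has validated the ticket.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        var formsId = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (formsId == null) return;              // anonymous or invalid ticket
        Context.User = new GenericPrincipal(formsId, new string[0]); // roles: assumed empty
    }
}
```

On the login page, call `FormsAuthentication.RedirectFromLoginPage(user, false)` only after `AdLogin.Validate` returns true, and serve that page over HTTPS so the password is not exposed between browser and application server.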
+1  A: 

Have you thought of using LDAP and ADAM (Active Directory in Application Mode)?

That would allow you to authenticate users in the manner you're seeking. I found a few articles for you:

  1. http://www.c-sharpcorner.com/UploadFile/wojtekpiaseczny/AdamAuthentication10262006124310PM/AdamAuthentication.aspx
  2. http://www.15seconds.com/Issue/060525.htm
  3. http://msdn.microsoft.com/en-us/library/aa302397.aspx
Cory Larson