views:

161

answers:

1

I have an application we bought that I need to integrate, and it uses jakarta connection to get to the application from IIS.

So, the basic operation is:

  1. user goes to the url
  2. Gets redirected to the application
  3. SSO is enabled, so redirected back to IIS for fetching of domain credentials
  4. Back to application
  5. If username is blank show login page, else let user in.

This is a simplification of all the steps, but the basic idea is here.

My difficulty is that I need both Windows Integrated Auth and anonymous on, as some users won't have credentials, and need to be prompted for a username/password.

I have looked at: http://stackoverflow.com/questions/2068546/iis-windows-authentication-before-anonymous already, but the user doesn't get to click on a link to decide. The application goes back to IIS looking for login.aspx and from there I want to either get their domain credentials or pass back to the application empty strings to signify that there are no credentials.

It seems this isn't going to be possible though as if anonymous is on it doesn't make the 401 request so the credentials aren't passed.

If I can't get this to work with just using an ASP.NET page, could it be done using an ISAPI filter, or a module?

UPDATE:

I found a possible solution, but I need to figure out how to get it to work, as my login page is on the JBoss server.

http://mvolo.com/blogs/serverside/archive/2008/02/11/IIS-7.0-Two_2D00_Level-Authentication-with-Forms-Authentication-and-Windows-Authentication.aspx

A: 

Hi,

Keep the Authentication in the IIS as the Anonymous.

When loading the home page check the ACTIVE DIRECTORY for the current logged in USERNAME if exist

provide the extra functionality to current user or else with fewer options.

Refer --> Active Directory Cheking

solairaja
How would I get the username, without having IIS go back to the browser to get the data (401 request)? I am looking at Request.ServerVariables["AUTH_USER"] and ServerVariables["LOGON_USER"] and if anonymous is enabled these are both basically empty.
James Black
is that a intranet web application ?
solairaja
@solairaja - It is for an application that is for internal and external use. For internal use I want to use integrated auth and for external they will need to log in. Ideally one web page to go to for everyone, without having to write ActiveX controls or IE/Firefox/Safari plugins. :)
James Black
I accepted your answer as I ended up going with AUTH_USER as, if the browser is in the local, trusted, intranet then I can get the credentials.
James Black