views:

34

answers:

1

I would like to know if it's possible to implement two types of authentication in my web site.

I would like to have username/password and also be able to use a security token service to login in my site

Thanks.

A: 

We have done this in a project I am working on at the moment. We actually have 2 sites. One is the actual website that uses normal forms authentication and .net authentication controls. The other site uses integrated windows authentication and is for internal users. The internal site authenticates the user against AD and then updates a user record in a shared database with a guid and a date and time. It then simply forwards the request to the actual website with the guid as a form variable. The main website then looks up the user record based on the guid and checks that the record was updated in the last minute. If it finds a matching record it creates a forms authentication token for the matched user account.

The code we are using is below:

FormsAuthenticationTicket oTicket = new FormsAuthenticationTicket(
                1,
                Username,
                DateTime.Now,
                DateTime.Now.AddMinutes(iTimeout),
                false,
                OrganisationPin);

            HttpCookie hcAuthenticated = new HttpCookie(
                FormsAuthentication.FormsCookieName,
                FormsAuthentication.Encrypt(oTicket));
            Response.Cookies.Add(hcAuthenticated);
Ben Robinson
This way i would have to develop code to make a token like the one sent by the security token service for users that are authenticated with username/password right?
sergiosp
Yes i have updated my answer with example code from my project.
Ben Robinson