Consider a site used for an interanet which should also be accessable from the internet. On the intranet you want to use Windows Authentication and on internet you want the users to access the site using forms authentication.
Is it possible to set up a mixed-mode with these two? I just want to validate that the user is logged in with either of them without using two sites.
Hei, I had seen this page talking about 2 level authentication with IIS7: IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication, and this other that has the same requirements as you: IIS mixed mode authentication for ASP.NET Applications -http://beaucrawford.net/post/IIS-ldquo3bmixed-moderdquo3b-authentication-for-ASPNET-Application.aspx, but I didn't try any, maybe it works for you? I guess you just have to adapt it for your needs.
I know of no build-in way of doing this. But you can use a simple workaround:
Choose forms authentication as your primary authentication and map windows authentication to it. You can do so in the applications AuthenticateRequest using global.asax or a special http handler or module. Identify your intranet user in this request and set the forms authentication cookie using FormsAuthentication.SetAuthCookie programmatically.
I actually use this for a mixed mode forms and IP-Number authentication, but I think it would work for forms and windows auth too.
By the way: Maybe mixed mode forms and IP-Number authentication is a second solution for your problem. If your server is part of a DMZ you can detect your Intranet user by the IP number subnet.
You may want to look at a similar question: http://stackoverflow.com/questions/3232072/
In the answer I posit a solution using a facade. I have leveraged this approach to integrate AD on multiple domains, aspnet sql provider and a legacy authentication database with measurable success.