tags:

views:

72

answers:

1
+1  Q: 

How To Log User In To ASP .NET Site Automatically If They Are Logged In To Active Directory?

Hi,

Our client's site currently uses forms authentication, so users have to go to the login page to type in their username and password. There are custom membership and role providers that access a database through NHibernate to get users and roles.

The client now wants users from within the local Active Directory to get logged in automatically. Details of users and roles should still be retrieved from the same database as before. There will be a new field added to the Users table that holds an Active Directory username so that I can match it up.

If the current user is not authenticated through Active Directory or no record in the Users table has a matching Active Directory name then they would have to go to the login page as normal. To be clear: the site must still be accessible externally (i.e. outside the domain).

I have a test system setup that involves an IIS 6 server and a client running IE7; both are members of a test Active Directory. I've tried using HttpContext.Current.Request.LogonUserIdentity in combination with IIS integrated security but it's returning the anonymous login except when browsing on localhost.

Does anyone have a solution?

+2  A: 

You want to check out Integrated Windows Authentication. This will allow the Active Directory username and password (hashed) to be sent across the network to the server. If they pass you can redirect them to the site, and if not, push them to the login page.

Kevin  2010-09-08 12:28:28
This is correct. Also, you should note that in order for the browser to pass the Windows User Name to your site, you must use IE and it the site must be a Trusted Site. If I remember correctly, Intranet sites that are accessed with a FQDN do NOT get recognized as an Intranet site and need to manually be added as a Trusted Site (there may be a GP Extension for this).
o6tech  2010-09-09 16:02:11
@Kevin do you know of any example code for this? This would be an excellent implementation here too..
Rafael Belliard  2010-09-10 13:17:55

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps