Hi,

Our client's site currently uses forms authentication, so users have to go to the login page to type in their username and password. There are custom membership and role providers that access a database through NHibernate to get users and roles.

The client now wants users from within the local Active Directory to get logged in automatically. Details of users and roles should still be retrieved from the same database as before. There will be a new field added to the Users table that holds an Active Directory username so that I can match it up.

If the current user is not authenticated through Active Directory or no record in the Users table has a matching Active Directory name then they would have to go to the login page as normal. To be clear: the site must still be accessible externally (i.e. outside the domain).

I have a test system set up that involves an IIS 6 server and a client running IE7; both are members of a test Active Directory. I've tried using HttpContext.Current.Request.LogonUserIdentity in combination with IIS integrated security but it's returning the anonymous login except when browsing on localhost.

Does anyone have a solution?

+2  A: 

You want to check out Integrated Windows Authentication. This will allow the Active Directory username and password (hashed) to be sent across the network to the server. If they pass you can redirect them to the site, and if not, push them to the login page.

Kevin
This is correct. Also, you should note that in order for the browser to pass the Windows User Name to your site, you must use IE and the site must be a Trusted Site. If I remember correctly, Intranet sites that are accessed with a FQDN do NOT get recognized as an Intranet site and need to manually be added as a Trusted Site (there may be a GP Extension for this).
o6tech
@Kevin, do you know of any example code for this? This would be an excellent implementation here too.
Rafael Belliard
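
One way to wire up the flow the answer describes, as an added example that is not code from the original thread: a single page protected by Integrated Windows Authentication maps the Windows account to a site user and issues the normal forms ticket, and everyone else lands on the existing login page. The page name `WinLogin.aspx`, the `TESTDOMAIN\jsmith` mapping and the in-memory dictionary standing in for the Users table lookup are assumptions.

```csharp
// Added example: code-behind for a hypothetical WinLogin.aspx. In IIS, this one
// file has anonymous access disabled and Integrated Windows Authentication
// enabled; the rest of the site stays on anonymous access + forms authentication.
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Security;
using System.Web.UI;

public partial class WinLogin : Page
{
    // Constructed stand-in for the Users table lookup (AD account -> site
    // username); a real site would query the new column through its provider.
    private static readonly Dictionary<string, string> AdToSiteUser =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { @"TESTDOMAIN\jsmith", "john.smith" }
        };

    protected void Page_Load(object sender, EventArgs e)
    {
        // Identity established by IIS during the Negotiate/NTLM handshake.
        // Never take the account name from a query string, form field or header.
        WindowsIdentity identity = Request.LogonUserIdentity;

        string siteUser;
        if (identity != null && identity.IsAuthenticated && !identity.IsAnonymous
            && AdToSiteUser.TryGetValue(identity.Name, out siteUser))
        {
            // Issue the same forms ticket the normal login page would issue,
            // so the existing membership and role providers keep working.
            FormsAuthentication.SetAuthCookie(siteUser, false);
            Response.Redirect(FormsAuthentication.DefaultUrl, false);
        }
        else
        {
            // No Windows identity or no matching row: fall back to the form.
            Response.Redirect(FormsAuthentication.LoginUrl, false);
        }
        // End the request without the ThreadAbortException of Redirect(url, true).
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

If anonymous access is left enabled on the page, IIS serves the request as the anonymous account and the browser is never challenged for Windows credentials, so the fallback branch runs for every visitor.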