Looking for a bit of advice on where to take a current webapp which supports logins based on Active Directory and makes use of the built-in ASP login component.

The problem is that we want to have the option to use the active directory login or a "normal" login using data stored in our local database.

Just to make it clear: on each installed system it would be one or the other, so I'm not asking how to check both on each login attempt.

Basic flow:

Determine which login mode is set
  if active directory
    load active directory login form
    validate login info against active directory
    login to system
  else if normal login
    load default login form
    validate login info against database
    login to system

My lack of knowledge on the asp login component may be the problem here but I'm unsure of how to make the login component know which login mode to run the validation on? The login form seems just like a black box, which makes me a little uneasy when using it on such an important task.

Can this be done?

Or..

Should I just write a custom login for the system and be done with it?

+2  A: 

The login control will be your friend in this situation, as it simply utilizes the ASP.Net membership provider model. You will not need to change the application at all!

All you need to do is specify in the web.config file which authentication mode you'll be using. This can of course be set up on a machine by machine basis. So, for your active directory machines:

<connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />
</connectionStrings>

<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <add
       name="MyADMembershipProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName="ADConnectionString"
       connectionUsername="testdomain\administrator"
       connectionPassword="password" />
  </providers>
</membership>

You can read more on implementing login with membership providers and active directory from http://msdn.microsoft.com/en-us/library/ms998360.aspx.

And then for your machines that will be authenticating against a database, you simply write a custom membership provider that will authenticate against your database. It's really simple, you really only need to implement one method. You can start here: http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx. Here is a great example also, with a bare minimum of code and an easy walkthrough for setting it up: http://www.15seconds.com/issue/050216.htm

womp
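For the database-login installations, the matching web.config could look like the following. This is an added example, not part of the original answer: it uses the built-in SqlMembershipProvider rather than a custom provider, and assumes the local database carries the standard ASP.NET membership schema; the connection string name, server, catalog and login page are placeholders.

```xml
<!-- Added example: web.config for an installation in database-login mode.
     Server, catalog and page names are placeholders, not from the original post. -->
<configuration>
  <connectionStrings>
    <!-- Integrated Security keeps a SQL password out of this file -->
    <add name="LocalDbConnectionString"
         connectionString="Data Source=DBSERVER;Initial Catalog=AppUsers;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- The Login control issues a forms ticket once the default provider validates the user -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true" protection="All" timeout="30" />
    </authentication>
    <!-- Login-mode switch: on an Active Directory installation, point defaultProvider
         at the ActiveDirectoryMembershipProvider entry from the answer instead.
         Register only the provider this machine uses. -->
    <membership defaultProvider="MySqlMembershipProvider">
      <providers>
        <!-- Drop providers inherited from machine.config so this is the only one registered -->
        <clear />
        <add name="MySqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="LocalDbConnectionString"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

On the Active Directory installations, the `connectionUsername`/`connectionPassword` pair sits in web.config in clear text, so a low-privilege lookup account and an encrypted configuration section (`aspnet_regiis -pe`) limit what a leaked file exposes.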
A: 

If you use Forms authentication, you could check the user against active directory and against the database and if either returns a positive set the forms authentication to true.

Nate Bross
A: 

Yes and no.

The LOGIN components utilize the Membership provider classes. What you need is to code yourself up an Active Directory version, and tell ASP.Net to look towards it for AD, or to look toward the SQLMembershipProvider if using the database.

Stephen Wrighton
ASP.Net ships with active directory membership providers, you shouldn't need to code anything for it.
womp