I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fallback would occur in situations where the user is on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario?

Technical Constraints: .NET 3.5 on IIS 6 (IIS 7 is currently a non-starter in our environment)

Thanks!

+1  A: 

There's an old article on MSDN here, which involves a custom 401 redirect set up in IIS - hopefully it's of some help.

Phil Jenkins
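
One way the custom-401 pattern mentioned in the answer can look in code, as an added example that is not from the original post or the MSDN article. The page names `WinLogin.aspx` and `WebLogin.aspx`, the account `EXAMPLE\opscenter`, and the IIS 6 settings described in the comments are assumptions.

```csharp
// Added example: code-behind for a hypothetical WinLogin.aspx.
// Assumed IIS 6 setup: this one file has anonymous access disabled and
// Integrated Windows authentication enabled, and its custom 401 error
// sends the browser to the Forms login page. The rest of the site allows
// anonymous access and uses <authentication mode="Forms"> in web.config.
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Security;
using System.Web.UI;

public partial class WinLogin : Page
{
    // Hypothetical shared (group) accounts that must always sign in by form.
    private static readonly HashSet<string> SharedAccounts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            @"EXAMPLE\opscenter"
        };

    // Hypothetical path of the Forms login page.
    private const string FormsLoginPage = "~/WebLogin.aspx";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Identity established by IIS during the NTLM/Kerberos handshake,
        // not a value read from a header, cookie or query string.
        WindowsIdentity identity = Request.LogonUserIdentity;

        bool usable = identity != null
            && identity.IsAuthenticated
            && !identity.IsAnonymous
            && !SharedAccounts.Contains(identity.Name);

        if (!usable)
        {
            // No personal Windows identity: ask for credentials by form,
            // carrying the original query string (ReturnUrl) along.
            Response.Redirect(FormsLoginPage + Request.Url.Query, true);
            return;
        }

        // Issue a session-only Forms ticket and return to the requested page.
        FormsAuthentication.RedirectFromLoginPage(identity.Name, false);
    }
}
```

Because the user name comes only from the identity IIS negotiated, the rest of the application can rely on the Forms ticket alone and never needs to trust a client-supplied account name.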