tags:

views:

107

answers:

2
+3  Q: 

How to access an internal asp.net web application from the internet?

Hi All, I have an asp.net web application in an internal windows domain which calls a wcf-service. In the wcf-service I use the SecurityContext.Identity.Name, so it needs impersonation. Our task is that the web application can be accessed from anywhere. The first step was that the administrators published the web application throught ISA server 2006. The main problem with this solutions is that the browser doesn't save the user's loginname and password in the ISA authentication form. In addition the users want to access the webapp from Nokia Mobile with Opera Mini.

What can I do in a simple way that the browser saves the loginname/password in order to the user can use the application without reentering the login data in every 30/60 minutes????? Any best practise?

A: 

The standard is to store the username/password in a cookie and have the login page pull the login info from the cookie to auto-login. You can have this cookie expire in a month if you want to.

Here are some examples using different languages to add a "remember me" type functionality to save username and password in a cookie.

Cookies

php example

asp.net example

asp example

Response to creator's comments:

In order to modify the ISA login page, look at this article. You should be able to add the code top handle cookies by editing the login page file located in the directory C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ISA\HTML (assuming you installed ISA to that location).

I do not think there is an out of the box configuration that allows you to set this up, but I did see some configuration for setting trust level (#18 from the article) that you might want to play with.

kniemczak  2010-08-06 14:21:55
Thanks. But. As I wrote above the browser doesn't save the login data in a cookie because the standard ISA authentication form doesn't support it referring security aspects. I found this: http://technet.microsoft.com/en-us/library/bb794733.aspx. So it is possible to customize the login form of ISA, but it is not recommended to change any INPUT or FORM tag. I think that in this authentication form the AUTOCOMPLETE properties are set to OFF and the browser can't save the login data. It is allowed to make a new simple web app into the DMZ, but how can I pass the login data through ISA?
 2010-08-06 20:47:41
OK I assumed when you said the browser was not saving login information you meant the autocomplete was not working. Can you post more detailed information as to how your ISA was configured? I have exposed websites though ISA before and they had no issues with the standard login cookie.
kniemczak  2010-08-06 21:34:54
The internal web application configured using Basic authentication. The ISA configured usning HTTP form based authentication. The browser only saves the user's accunt name when the This is a private computer options is selected. The password is never saved by any type of browser. Why? How can I configure to achive the password saving.
 2010-08-09 08:55:54
What language are you using for this site? Are you using php? asp? plain html? You will have to handle the cookies with your own code or use a language that has it built in, but either way you need to do something on the page to handle the cookies and store the username and password in that cookie.I will edit the above answer to include examples.
kniemczak  2010-08-09 17:30:55
Thanks for the examples. I don't know that you understand me or not :-) I have a asp.net web app with basic authentication in the intranet. It's published with ISA 2006 to the internet. The user can use the application after they enter their windows username and password in the ISA form. I thought I could configure the standard ISA authentication form to save the password without any coding. I don't want another login page. And where should I deploy this new login page. And how should I authenticate the user width their windows username/password from the internet??? ...
 2010-08-10 07:06:17
... The ISA 2006 supports this solution why should I develop a mini-ISA?
 2010-08-10 07:07:11
I added some more information about editing ISA's login page. I have not seen a simple configuration where you can turn password saving on with a click of a button, but you can edit the login page to add this functionality.
kniemczak  2010-08-11 15:20:23
A: 

I see you understand me. Meanwhile I registered to this site and I found this article: http://technet.microsoft.com/en-us/library/bb794733.aspx We will try to switch the autocomplete property to on, but your codeproject link is helpful too. Thanks.

 2010-08-12 14:09:57
This was the solution. We made a new ISA authentication form set for the web listener and we switched the autocomplete property to ON. It works!
 2010-09-01 09:31:06

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?