Sunday, January 13, 2013

Can I have both Forms and Windows Authentication in Same Web Application?

Sometimes we would like to have mixed authentication for our ASP.NET application.

We want the same application to be accessible through both Forms Authentication (a cookie-based authentication) and Windows Authentication using Active Directory domain users.

Unfortunately, this is not possible in IIS within the same web application.

The reason is that Forms Authentication uses a different HTTP mechanism, namely an HTTP 302 login redirect, while Windows Authentication uses an HTTP 401 challenge.

The good news is that you can have both Windows Authentication (Integrated) and Basic Authentication in the same web application.

This way you can expose Basic Authentication to Internet users (make sure you have an SSL certificate, as Basic credentials are sent as plain text) and Windows Authentication (Integrated) to intranet users.

If we still want both Forms and Windows Authentication, we need to create two web applications, one with Forms Authentication and the other with Windows Authentication. Both would be exact copies of the application; only the web.config would differ, because of the security settings.
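
The two web.config files described above could differ as follows. This is an added example, not part of the original post; the login page path `~/Login.aspx` and the 30-minute timeout are assumed values.

```xml
<!-- Application 1 (Internet users): Forms Authentication.
     Unauthenticated requests receive an HTTP 302 redirect to loginUrl.
     In IIS, Anonymous Authentication stays enabled for this application
     so that the login page itself can be reached. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl and timeout are assumed values.
           requireSSL="true" keeps the auth cookie off plain HTTP. -->
      <forms loginUrl="~/Login.aspx"
             requireSSL="true"
             timeout="30"
             slidingExpiration="true" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous users: deny them everywhere except the login page -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

<!-- Application 2 (intranet users): Windows Authentication.
     Unauthenticated requests receive an HTTP 401 challenge.
     In IIS, Windows Authentication is enabled and Anonymous
     Authentication is disabled for this application. -->
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

Each `<configuration>` element belongs in its own application's web.config; everything else in the two deployments stays identical.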
