2

Scenario:

  • https asp/asp.net website running of IIS 7.5 (windows server 2008)
  • IIS currently configured to allow anonymous authentication and forms authentication ,asp.net impersonation are disabled while windows authentication is not installed (I understand that windows authentication needs to installed for this.)
  • a single custom login page for both internal and external users

Requirment:

  • Internal users seamlessly login while capturing their LOGON name (window authentication)
  • External users (not on domain) should be prompted a manual login

Questions:

  • What approach can be used to implement this?
  • Looking for the IIS 7.5 and web.config settings

Approaches Found:

  1. make 2 pages within 1 website, winlogin and weblogin(front page). Allow windows auth=true and anonymous auth=false on winlogin.aspx and vice versa on weblogin.aspx user with a ip hits weblogin, if ip is known redirect to winlogin to capture logon and redirect to weblogin if the ip is unknown
  2. have winlogin.aspx as the main page and redirect 401 errors to weblogin.aspx
ssq
  • 51
  • 1
  • 6
  • There are tons of enterprise gateway solutions to achieve that, by converting user credentials collected from external users on a form to valid Windows authentication requests to IIS. Would be difficult to achieve at IIS level, but quite simple if you use any of the products. – Lex Li Feb 12 '16 at 04:32

1 Answers1

0

This is how to configure IIS for integrated authentication.

http://netpl.blogspot.com/2012/06/iis-75-integrated-security-with-no.html

This will make your site available for intranet users WITHOUT the prompt for credentials.

Note that this also works for web users. A built-in web browser window is displayed as a result of HTTP 401. A user provides his/her credentials and is in.

If you rather want to show your custom web form as a result of 401 (unauthorized), you'd have to trick the browser a little:

http://www.codeproject.com/Articles/11202/Redirecting-to-custom-401-page-when-quot-Access-de

This way you can redirect an unauthorized response to a web form of your choice (for example, to show an asp.net login form).

Although the integrated authentication can be easily configured, prepare for a lot of experiments when setting up your mixed (integrated/forms) authentication. Things change with every version of IIS; also IIS7 behaves differently if a pool is in classic vs integrated mode.

Wiktor Zychla
  • 47,367
  • 6
  • 74
  • 106
  • I am interested in a custom webform on 401, the first article says to turn off anonymous authentication and and the second article says not to. Could you please clarify? thanks – ssq Sep 18 '12 at 15:14