I have an internal application which has two levels of security. FormsAuthentication for client-facing application and NTLM Integrated authentication for management interfac
Let's say you have a Forms-authentication-enabled ASP.NET app with a login form login.aspx, and your users are stored in a DB. Now you'd like to support both Forms and Windows authentication. That's what I do:
For Forms auth I use a SQL DB with, let's say, a Users table. I add to this table a new column named WindowsUserName, in which I'll save the Windows user's name in the form COMPUTER\User.
In the login.aspx form I add a method which will send a response that shows the login window:
    private void ActivateWindowsLogin()
    {
        // Returning 401 lets IIS Integrated Windows authentication send its
        // challenge, so the browser either prompts for credentials or sends
        // the current Windows logon automatically.
        Response.StatusCode = 401;
        Response.StatusDescription = "Unauthorized";
        Response.End();
    }
Somewhere I have a link like <a href="login.aspx?use=windows">Admin</a>
In login.aspx Page_Load I have added:
    if (Request.QueryString["use"] == "windows")
    {
        // LOGON_USER is filled by IIS only after Windows authentication succeeded
        var windowsuser = Request.ServerVariables["LOGON_USER"];
        if (string.IsNullOrEmpty(windowsuser))
            ActivateWindowsLogin();
        else
        {
            // get userId from DB for Windows user that was authenticated by IIS
            // I use userId in .ASPXAUTH cookie
            var userId = GetUserIdForWindowsUser(windowsuser);
            if (userId > 0) //user found
            {
                // here we get User object to check roles or other stuff
                var user = GetApplicationUser(userId);
                // perform additional checks here and call ActivateWindowsLogin()
                // to show login again or redirect to access denied page.
                // If everything is OK, set cookie and redirect
                FormsAuthentication.SetAuthCookie(userId.ToString(), false);
                Response.Redirect(FormsAuthentication.GetRedirectUrl(userId.ToString(), false), true);
            }
            else //user not found
                ActivateWindowsLogin();
        }
    }
    else
    {
        //your Forms auth routine
    }
GetUserIdForWindowsUser and GetApplicationUser are my methods, just for the sample.
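The answer above issues the same kind of .ASPXAUTH ticket for both paths, so a management page cannot tell whether a session came from the Windows login or from the customer login form. The helper below is an added example, not code from the answer or from any project: it trusts the Windows user name only when IIS actually authenticated the request, compares it to the WindowsUserName column case-insensitively, and stamps the forms ticket's UserData with a marker that management pages then require. The class name MixedModeAuth, the marker string and the "~/accessdenied.aspx" path are assumptions; FormsAuthentication.Timeout assumes .NET 4 or later.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper for the mixed Forms + Windows login flow described above.
public static class MixedModeAuth
{
    private const string WindowsMarker = "auth=windows";   // assumed marker value

    // True only if IIS Integrated Windows authentication produced a non-anonymous
    // identity for this request. LOGON_USER is empty under anonymous access, but
    // checking the identity and AUTH_TYPE is the stricter test.
    public static bool TryGetIisWindowsUser(HttpRequest request, out string logonUser)
    {
        logonUser = null;
        WindowsIdentity identity = request.LogonUserIdentity;
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
            return false;

        string authType = request.ServerVariables["AUTH_TYPE"];
        if (!string.Equals(authType, "NTLM", StringComparison.OrdinalIgnoreCase) &&
            !string.Equals(authType, "Negotiate", StringComparison.OrdinalIgnoreCase))
            return false;

        logonUser = identity.Name;   // DOMAIN\user exactly as IIS established it
        return !string.IsNullOrEmpty(logonUser);
    }

    // Compares the IIS-supplied name with the WindowsUserName column value.
    // Windows account names are case-insensitive, so "CORP\alice" and
    // "corp\Alice" must resolve to the same DB user.
    public static bool WindowsNameMatches(string stored, string logonUser)
    {
        if (string.IsNullOrEmpty(stored) || string.IsNullOrEmpty(logonUser))
            return false;
        return string.Equals(stored.Trim(), logonUser.Trim(), StringComparison.OrdinalIgnoreCase);
    }

    // Builds the forms ticket by hand instead of SetAuthCookie so that UserData
    // can carry the Windows marker. Session cookie only (no persistence).
    public static HttpCookie CreateWindowsBackedCookie(int userId, bool isHttps)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userId.ToString(), now, now.Add(FormsAuthentication.Timeout),
            false, WindowsMarker, FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;    // keep the ticket out of reach of script
        cookie.Secure = isHttps;   // on an HTTPS site, never send it over plain HTTP
        cookie.Path = FormsAuthentication.FormsCookiePath;
        return cookie;
    }

    // For management pages: true only if the current .ASPXAUTH ticket was issued
    // through the Windows path. A ticket from SetAuthCookie on the customer login
    // form has empty UserData and is rejected here.
    public static bool IsWindowsBackedSession(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return false;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return ticket != null && !ticket.Expired && ticket.UserData == WindowsMarker;
        }
        catch (Exception)
        {
            // Decrypt throws on a tampered or foreign ticket; treat it as unauthenticated.
            return false;
        }
    }
}

// Usage inside login.aspx Page_Load, replacing the body of the "use=windows" branch
// (GetUserIdForWindowsUser is the answer's own DB lookup; it should compare with
// WindowsNameMatches rather than a case-sensitive equality):
//
//   string logonUser;
//   if (!MixedModeAuth.TryGetIisWindowsUser(Request, out logonUser)) { ActivateWindowsLogin(); return; }
//   int userId = GetUserIdForWindowsUser(logonUser);
//   if (userId <= 0) { ActivateWindowsLogin(); return; }
//   Response.Cookies.Add(MixedModeAuth.CreateWindowsBackedCookie(userId, Request.IsSecureConnection));
//   Response.Redirect(FormsAuthentication.GetRedirectUrl(userId.ToString(), false), true);
//
// And at the top of every management page:
//
//   if (!MixedModeAuth.IsWindowsBackedSession(Request)) Response.Redirect("~/accessdenied.aspx", true);
```

The marker in UserData is protected by the forms ticket's MAC and encryption, so a customer who logged in through the form cannot turn their ticket into a management session by editing the cookie; the DB role check the answer mentions still applies on top of it.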