IIS windows intergrated security and .NET access

One thing I've really wanted w/ windows passthrough auth is for the authenticated user object to be available to .NET w/o IIS making a decision to accept or deny. In other words, I want the web request to undergo the challenge/response by IIS, but the for IIS to hand that  result over to .NET to manage if desired.

This would allow .NET to programmatically determine what to do should the challenge/response fail, and also allow it to make a decision about users who come from certain domains as opposed to others -- those in domain get higher rights than those w/o, for example
In order to handle non intergretated security clients, I have to do all sorts of redirection to to allow challenge/response happen in the background for those who are capable, yet allow non NTLM clients to authenticate via other means (i.e. standard web form).
W/o knowing much about the new logon class, is there any hope that this info might be programatically available to .NET? Is this problem/limitation even understood by the ASP.NET team? Intergrated security is great, but the implementation of it is difficult to use in real life a real enterprise full of non-NTLM capable clients.
11/26/2003 6:50:57 AM
asp.net.security 27051 articles. 1 followers. Follow

1 Replies

Similar Articles

[PageSpeed] 42
Get it on Google Play
Get it on Apple App Store

How would you envision the logon process occurring for non-NTLM capable clients (either those with non-MS browsers, or folks sitting on the other side of a firewall that does pass NTLM protocol traffic across it)?

Also, would you expect non-NTLM clients to have a Windows security context after they performed a forms-based login?
This posting is provided "AS IS" with no warranties, and confers no rights.
1/13/2004 3:33:26 AM

Similar Artilces:

Accessing IIS integrated security website from .NET application?
So I have an application on webserver1 using FORMS authentication (allows anonymous access to login page so running under ASPNET account). In this application there are links to a website on webserver2 that does not allow anonymous access and requires windows integrated security. So basically when you click on a link from the application to webserver2 an authentication popup window appears.  What I'd like to do is pass the authentication information from my application (on webserver1) to webserver2 so that the page I'm calling (via a simply linkbutton) does not produce an ...

(IN)SECURE Magazine from Net-Security (PDF download)
A little more light reading :-) Latest issue, #13: http://www.net-security.org/insecuremag.php (86 pages, with ads [not animated ads] - like a printed magazine) Archives of past issues: http://www.net-security.org/insecure-archive.php ISSUE 13 (September 2007) * Interview with Janne Uusilehto, Head of Nokia Product Security * Social engineering social networking services: a LinkedIn example * The case for automated log management in meeting HIPAA compliance * Risk decision making: whose call is it? * Interview with Zulfikar Ramzan, Senior Principal Re...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Security in .net
Dear friends i have created applications projects and also  give the permission to download through web.but every month client have to  get new registration number then only that applications will work.other wise it will get expires .give the idea how to do that .. Hi, inbaathere are a lot of ways to implement such an application. You have 2 main choices to make - to use the direct URL to your file (for example http://yoursite.com/downloads/somefile.zip) or to use common download page ( for example http://yoursite.com/download.aspx?fileId=23423154243 ).1) If you choose the first ...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

Security Briefs: Security Enhancements in the .NET Framework 2.0
Security Briefs: Security Enhancements in the .NET Framework 2.0 http://msdn.microsoft.com/msdnmag/issues/05/01/SecurityBriefs/default.aspx *********************************************************** Quote *********************************************************** As I write this column, version 2.0 of the Microsoft .NET Framework is at Beta 1. When I got my bits, I hacked together a little program to dump all of the public members of all public types in the entire Framework and ran it on version 1.1 as well as 2.0. I then used WINDIFF.EXE to compare the two text files, and s...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

.net Security
Hi.Please explain me about declarative security & imperative security.Thanks in advance.(If this has answered your question, please click on "Mark as Answer" on this post. Thank you!)Best Regards,Michael SyncMicrosoft WPF & Silverlight InsiderBlog : http://michaelsync.net Declarative security is where you establish Code Access Security requirements through the use of attributes attached to classes and methods. Imperative security is where you interact with the security engine using method calls.RegardsDave Thanks so much..(If this has answered your question, please clic...

about net security
Name: Nasir Email: nasi81ataoldotcom Product: Firefox Summary: about net security Comments: Dear Sir Please tell me that if I use firefox for browsing any type of web site, can it would be checked by my administrator that which type of web sites are to be open at my system or not? Mean the Administrator can check or not the sites which I used to open at my system? Waiting your reply Thanks & Regards Nasir Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008092417 Firefox/3.0.3 From URL: http://hendrix.mozilla.org/ Note ...

Is .NET Secure?
Here's the scenario. I want to develop a website that is hosted by a third party (shared web host initially) that contains sensitive data.    I encrypt / decrypt the data (that is stored on the SQL server encrypted) at the data access tier to StringBuilders and pass them up the business logic layer to the presentation layer. When the data hits the presentation tier, in this case the web page, I must convert them to String so that I can display them as you cannot simply point web controls to StringBuilders . When the page is rendered, these strings&nbs...

Security in .NET
hi All, I m make a application, here, user can view some page or some not, So which type of security i can use, Page Level security means, every time when page,this check user is valid or not, or User level, means every time user login, check those pages user can visit. which type of tecnique is best regarding security and performence... plz discuss in detial thanx in advance Sajjad Please Mark as Answer, if the post Solve your Problem__________________________Regards,Sajjad RizviC U ON NETreply me : sajjaddotnet@yahoo.com Windows authentication  - for intranet scenarios. F...

what is the use of code access security in .net
Hi,   what is the use of code access security in .net, and how to work in .net 3.5 If you have your code running in separate assemblies then you can restrict the permission set for that assembly by using CAS.You could restrict a desktop application from making DNS requests for example. This section of msdn is devoted to explaining the concepts and usage of Code Access Security:http://msdn.microsoft.com/en-us/library/930b76w0.aspx Hi good example of CAS is Microsoft SharePoint (WSS 3.0). While Creating your own web parts for sharepoint you will required CAS for your WebPa...

.Net code access security has no effect.
Hi All. I have built a library -MyLib.dll -  for my asp.net application that has been signed using public-private keypair made from sn.exe. I signed it from the signing option in visual studio 2005 and gave the public-private key pair file. I had already added  the StrongNameIdentityPermissionAttribute to one of my classes inside Mylib.dll like the follwowing namespace Test { public class Sample { [StrongNameIdentityPermission(SecurityAction.Demand, PublicKey = "...")] public static void SayHello() { System.Diagnostics.Debug.Writ...

Accessing .NET Component in PB
Hi guys. I know this is not the right place to ask this question but I really need your help fast. The other company made a COM object in .NET 2.0 which manages connection to web service and signing of xml file. We copy those dll files to location where app using it is running, use regasm.exe to register the component and out tests using it were !successful!. BUT. If I run application as administrator it all works perfectly, but if I run application as "user" oleobject.connecttonewobject returns 0 - success but function calls fail and return message says something like...

Web resources about - IIS windows intergrated security and .NET access - asp.net.security

Wikipedia talk:WikiProject reform/Archive 1 - Wikipedia, the free encyclopedia
My initial two cents - a very interesting proposal. In the context of WP:ORGZ however, an interesting problem arises. There is no doubt a need ...

提供国内最全面的电子元器件IC datasheet,集成电路PDF资料的查询和下载服务

PhotoGallery-Department of International Cooperation Ministry of Science and Technology PRC
Chinese Version Home News Photo Gallery About DIC Features Conference and Exhibition Training Newsletters China S&T Meet China Laws and Regulations ...

First Mac Bootable PCI SSD now available from OWC
... controller and NAND running. The blades run in RAID 0 by default but they can also be configured in RAID 1 mode. Oftentimes everything is intergrated ...

OWC Releases Mercury Accelsior PCIe SSD
OWC has released their first PCIe SSD, the Mercury Accelsior. OWC has used SandForce controllers throughout its history in the SSD world and ...

Welcome to the summer 2012 issue of All Points North online! Here at APN, we know we're not the only ones eager for that warm sunshine and cool ...

Come to CNET Reviews for headphones/headset reviews, CNET editors' ratings, user reviews, and prices on headphones/headsets. Find the headphones/headset ...

Why I vote, and you should too
Rosie Perez: Young people have incredible dreams for their future, but those dreams could be shattered if we elect the wrong candidates.

Resources last updated: 12/26/2015 5:30:33 AM