Multiple authentication

Question

User-824531797 posted

Hi

We are developing a ASP.net application that will be hosted on an intranet server and exposed to outside world through firewall.

For requests coming in from the intranet, the app should use windows authentication using the requesting user's windows credentials - so the intranet users wouldn't have to type in their passwords.

For requests coming in from outside the intranet through firewall, app should use bearer authentication using token in the headers.

Kindly advise how the app can differentiate between the two type of requests and apply corresponding authentication.

Best Regards

Abhishek

Answer 1

User-1695758799 posted

Actually, you can do it. Bit late for @dr_draik, but this cropped up in a google result for me so I thought I'd share some knowledge.

If you're in classic mode - Enable both Windows and Forms auth. You'll get a warning about not being able to do both at once, but you can ignore it. Then, you can spelunk around various properties like Code:

HttpContext.Current.Request.ServerVariables["LOGON_USER"]

and fish the username out of there.

If you're in integrated mode - 4021905 IIS7 Challenge-based and login redirect-based authentication cannot be used simultaneiously leads to IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication which is a module that allows you to selectively change the auth for different pages.

You can also check for:

https://msdn.microsoft.com/en-us/library/ms972958.aspx

Answer 2

User-2057865890 posted

Hi abhisinghal21,

You could configure your application to use form authentication while access user credential from Active Directory (windows user).

Forms Authentication with Active Directory

IIS7 Mixed Windows and Forms Authentication

Best Regards,

Chris