
Windows Authentication via custom page.

Last post 08-14-2008 5:58 AM by anubha.saxena. 11 replies.


  • Windows Authentication via custom page.

    08-06-2008, 10:35 AM
    • coolblue
    • Joined on 11-30-2005, 12:03 PM
    • Birmingham UK
    • Posts 240
    • Points 697
    I have an extranet which requires forms authentication but also seamlessly authenticates network users. I have done this with a little experimentation; however, my technique requires users with a network password to log in via the Windows authentication dialog box popped up by the browser after they have logged in via my login form. Is there any way of passing the login information to the dialog box or some other method of logging the user on via their domain password to prevent them from encountering the dialog box?
  • Re: Windows Authentication via custom page.

    08-07-2008, 10:00 AM
    • MehrdadAfshari
    • Joined on 07-28-2006, 1:48 PM
    • Tehran, Iran
    • Posts 42
    • Points 255
    I think your question requires more clarification, but if you're using Windows authentication, why do you have a login form?!
    MCSD
    Mehrdad's Blog
    University of Tehran Haters

    Marking the post that helps you as answer helps the community.
  • Re: Windows Authentication via custom page.

    08-07-2008, 11:06 AM
    • coolblue
    • Joined on 11-30-2005, 12:03 PM
    • Birmingham UK
    • Posts 240
    • Points 697
    I am not using Windows authentication for the site, I am using forms authentication. However, I need the users accessing the site from the network to be seamlessly authenticated, so I am using a hybrid system where a user is screened and if they are on the network they are passed to a page protected by Integrated Windows Authentication and then logged on via forms authentication. The problem I have is that if a user has network credentials but is accessing the site from outside they will be directed to the login form. They then either enter their details and automatically get identified as a user with network credentials and forwarded to the Integrated Windows Authentication page, where they have to enter their details again in a popup dialog box, or they can click a link to this page. I would like to capture their details from the original login form and authenticate them so that they don't get hit with a dialog box.
  • Re: Windows Authentication via custom page.

    08-07-2008, 1:52 PM
    • Swackhammer1
    • Joined on 02-25-2006, 8:28 AM
    • Posts 228
    • Points 254

     You could check for the IP address of the user. If it matches your network's address then you can redirect him to a Windows-authenticated site, otherwise you redirect him to a forms authentication site.

     Given below is code that I have used in the past:

     

    <%@ Page Language="C#" %>
    <%@ Import Namespace = "System.Net" %>


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <script runat="server">

    protected void Page_Load(object sender, EventArgs e)
    {

    string clientIPAddress = Request.ServerVariables["REMOTE_ADDR"];


    // Anchored, with literal dots: unanchored, "10.1.2.3" would also match inside "210.1.2.3"
    string pattern = @"^10\.[1-5]\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])$";
    Regex check = new Regex(pattern);

    bool valid = false;

    if (clientIPAddress == "")
    {
    //no address provided so return false
    valid = false;
    }
    else
    {
    //address provided so use the IsMatch Method
    //of the Regular Expression object
    valid = check.IsMatch(clientIPAddress, 0);
    }

    //Response.Write(valid);

    if (valid)
    {
    Response.Redirect("auth.aspx");
    }
    else
    {
    Response.Redirect("default.asp");
    }
    }

    </script>

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title>weblogin</title>
    </head>
    <body>
    <form id="form1" runat="server">
    <div>

    </div>
    </form>
    </body>
    </html>
     
  • Re: Windows Authentication via custom page.

    08-07-2008, 1:55 PM
    • Swackhammer1
    • Joined on 02-25-2006, 8:28 AM
    • Posts 228
    • Points 254

     I had the same issue and used this method:

     

    http://forums.asp.net/p/1123528/1771540.aspx#1771540 

  • Re: Windows Authentication via custom page.

    08-08-2008, 4:10 AM
    • coolblue
    • Joined on 11-30-2005, 12:03 PM
    • Birmingham UK
    • Posts 240
    • Points 697
    This is exactly what I am doing. My problem is when a user with Network credentials attempts to access the site from outside the network. They are currently directed to a custom login page. Users without Network Credentials are given a different username and password and can log in via this page, however Users with network credentials need to be able to login with them. Currently I simply redirect them to another page which is protected with Integrated Windows Authentication but it means they get a pop up dialog box asking for their credentials, which they have already entered once on the custom login page. I would like to take the credentials from the login page and bypass the dialog box.
  • Re: Windows Authentication via custom page.

    08-09-2008, 1:09 AM
    • Swackhammer1
    • Joined on 02-25-2006, 8:28 AM
    • Posts 228
    • Points 254

     I used javascript to get around the problem.

    My setup is like this:

    -Main folder (uses Anonymous access)

       --authResponse folder (uses Integrated Windows authentication)

          ---returncredentials.asp (uses Integrated Windows authentication)

       --auth.aspx (uses Anonymous access)

       --weblogin.aspx (uses Anonymous access)

       --winlogin.asp (uses Integrated Windows authentication)    (My project required the use of an asp page. You can use .NET or whatever)

     

     

    Given below is the code for the pages:

     

    returncredentials.asp

      

    <%
    response.expires=-1
    response.write(time)
    %>
     

    auth.aspx

      

    <%@ Page Language="C#" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <script runat="server">

    protected void Page_Load(object sender, EventArgs e)
    {
    // Response.Write(Context.User.Identity.Name);
    }
    </script>

    <script type="text/javascript">
    function ajaxFunction()
    {
    var xmlHttp;
    try
    {
    // Firefox, Opera 8.0+, Safari
    xmlHttp=new XMLHttpRequest();
    }
    catch (e)
    {
    // Internet Explorer
    try
    {
    xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
    try
    {
    xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
    catch (e)
    {
    alert("Your browser does not support AJAX!");
    return false;
    }
    }
    }


    xmlHttp.onreadystatechange=function()
    {
    if(xmlHttp.readyState==4)
    {
    //document.myForm.time.value=xmlHttp.responseText;
    //alert(xmlHttp.responseText);
    //xmlHttp.responseText
    }
    }
    xmlHttp.open("GET","authResponse/returncredentials.asp",true);
    xmlHttp.send(null);
    window.location = "winlogin.asp";
    }
    </script>


    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title>Untitled Page</title>
    </head>
    <body onload="ajaxFunction();">
    <form id="form1" runat="server">
    <div>
    <%-- Name: <input type="text" onkeyup="ajaxFunction();" name="username" />
    Time: <input type="text" name="time" /> --%>
    </div>
    </form>
    </body>
    </html>
     

     weblogin.aspx

      

    <%@ Page Language="C#" %>
    <%@ Import Namespace = "System.Net" %>


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <script runat="server">

    protected void Page_Load(object sender, EventArgs e)
    {
    string clientIPAddress = Request.ServerVariables["REMOTE_ADDR"];

    // Anchored, with literal dots: unanchored, "10.1.2.3" would also match inside "210.1.2.3"
    string pattern = @"^10\.[1-5]\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])$";
    Regex check = new Regex(pattern);

    bool valid = false;

    if (clientIPAddress == "")
    {
    //no address provided so return false
    valid = false;
    }
    else
    {
    //address provided so use the IsMatch Method
    //of the Regular Expression object
    valid = check.IsMatch(clientIPAddress, 0);
    }


    if (valid)
    {
    Response.Redirect("auth.aspx");
    }
    else
    {
    Response.Redirect("default.asp");
    }
    }

    </script>

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title>weblogin</title>
    </head>
    <body>
    <form id="form1" runat="server">
    <div>

    </div>
    </form>
    </body>
    </html>
     

    winlogin.asp

     

    <%
    Dim arrUserInfo, sUserName, sDomainName
    arrUserInfo = split(Request.ServerVariables("LOGON_USER"),"\")
    sDomainName = arrUserInfo(0)
    sUserName = arrUserInfo(1)

    Session("suid") = sUserName
    Session("domain") = sDomainName

    Session("DestPage") = "head.asp"

    Response.Redirect(Session("DestPage"))

    %>
      

     

    Basically the page people should be accessing (whether they're on the network or off it) is the weblogin.aspx page. That page then redirects them to the appropriate page. If they're part of the network, they're sent to auth.aspx which is basically an ajax page. That tries to access a Windows Authenticated page (returncredentials.asp) after which the server can now read the username and domain in the form DOMAIN\USERNAME.

    winlogin.asp just splits that up and stores it in Sessions. You can obviously do whatever you want in winlogin.asp.
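
An added example, not part of the original posts: the 10.[1-5].x.x screen used in weblogin.aspx, done by parsing REMOTE_ADDR instead of pattern-matching the string, and compared with an unanchored pattern whose dots are unescaped. `NetworkScreen` and `IsInternalClient` are hypothetical names, and the sample addresses are constructed.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Text.RegularExpressions;

public static class NetworkScreen
{
    // Unanchored pattern with unescaped dots, shown only for comparison.
    const string Loose =
        "10.[1-5].([0-9]|[0-9][0-9]|[0-9][0-9][0-9]).([0-9]|[0-9][0-9]|[0-9][0-9][0-9])";

    // True only for IPv4 addresses 10.1.0.0 through 10.5.255.255.
    public static bool IsInternalClient(string remoteAddr)
    {
        IPAddress ip;
        if (string.IsNullOrEmpty(remoteAddr) || !IPAddress.TryParse(remoteAddr, out ip))
            return false;                        // missing or malformed: treat as external
        if (ip.AddressFamily != AddressFamily.InterNetwork)
            return false;                        // IPv6 clients are not in the 10.x range
        byte[] o = ip.GetAddressBytes();         // four octets, network order
        return o[0] == 10 && o[1] >= 1 && o[1] <= 5;
    }

    public static void Main()
    {
        // Constructed sample values for REMOTE_ADDR.
        string[] samples = { "10.3.20.7", "10.6.0.1", "210.1.2.3", "110.5.0.9", "::1", "" };
        foreach (string s in samples)
        {
            Console.WriteLine("{0,-12} loose regex: {1,-5} parsed check: {2}",
                s, Regex.IsMatch(s, Loose), IsInternalClient(s));
        }
    }
}
```

The result is only a routing hint: behind a reverse proxy REMOTE_ADDR is the proxy's address, and Integrated Windows Authentication on the target page remains the actual check.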

     

     

  • Re: Windows Authentication via custom page.

    08-11-2008, 4:28 AM
    • coolblue
    • Joined on 11-30-2005, 12:03 PM
    • Birmingham UK
    • Posts 240
    • Points 697
    I think my description of what I am trying to do is confusing the situation. I have no problem logging people in automatically via the network or through forms authentication via the web. However, when someone accesses my site from the web, regardless of whether they have network credentials or custom credentials, they are asked to log in via my logon.aspx page. If the user has custom credentials they can log in via this page with no problem. However, if they have network credentials they will be forwarded to a winlogon.aspx page and they are asked via a popup dialog box for their credentials for a second time. What I want to do is to take the credentials they input on login.aspx and pass them to winlogon.aspx and use them to bypass the popup box so that they only have to supply them once. I presume I can somehow check the credentials against AD but I am not sure how and if this could work.
  • Re: Windows Authentication via custom page.

    08-11-2008, 10:09 AM
    • Swackhammer1
    • Joined on 02-25-2006, 8:28 AM
    • Posts 228
    • Points 254

     Ok. I see what the issue is now.

    Basically, you need to do the following:

    1. Get username and password from logon.aspx

     

    2. Check username against non-network db.

     

    3. If user does not exist in db (you can set a boolean value to True. eg. isNotDbUser = True)

                 goto step 4.

        else authenticate against non-network db.

     

    4. If isNotDbUser = True

                 search for username in AD.

     

    5. If username found in AD

                 try to authenticate with username and password.

        else redirect to error page.

     


    Well, that's just a general breakdown and obviously not specifics, but I'm guessing that's what you need. It's also not optimized (searching both the db and AD), but unless you want the user to select what they want to authenticate against on the logon.aspx page, this is probably the easiest method. 
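
One way to implement the outline above, as an added example that is not part of the original thread. It swaps the separate "search AD, then authenticate" steps for a single `PrincipalContext.ValidateCredentials` call (System.DirectoryServices.AccountManagement, .NET 3.5) and then issues the forms authentication cookie. `HybridLogin`, `TryLogin`, the `CustomStoreCheck` delegate and the domain name passed in are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Web.Security;

public static class HybridLogin
{
    // Hypothetical hook into the site's own (non-network) user db.
    // Returns null when the username is not in that db at all.
    public delegate bool? CustomStoreCheck(string username, string password);

    // domainName is the AD domain to validate against (placeholder, e.g. "CORP").
    public static bool TryLogin(string username, string password,
                                string domainName, CustomStoreCheck customStore)
    {
        // Step 1: reject empty input; an empty password must never reach the
        // directory, where it can be treated as an anonymous bind.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        string identity;
        bool ok;

        // Steps 2-3: a user known to the custom db is authenticated there only.
        bool? custom = customStore(username, password);
        if (custom.HasValue)
        {
            ok = custom.Value;
            identity = username;
        }
        else
        {
            // Steps 4-5 in one call: unknown user and wrong password both give
            // false, so the response does not reveal which accounts exist.
            using (PrincipalContext ad = new PrincipalContext(ContextType.Domain, domainName))
            {
                ok = ad.ValidateCredentials(username, password,
                    ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
            }
            identity = domainName + "\\" + username;   // keeps AD and custom names distinct
        }

        if (ok)
            FormsAuthentication.SetAuthCookie(identity, false);   // session cookie only
        return ok;   // caller shows one generic failure message for every false
    }
}
```

Because the password now passes through the application, logon.aspx has to be served over HTTPS only.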

     

  • Re: Windows Authentication via custom page.

    08-14-2008, 5:49 AM
    • anubha.saxena
    • Joined on 08-12-2008, 3:13 AM
    • Saxena
    • Posts 41
    • Points 100

    //Get Current window user

     string strName = HttpContext.Current.User.Identity.Name.ToString();

  • Re: Windows Authentication via custom page.

    08-14-2008, 5:56 AM
    • anubha.saxena
    • Joined on 08-12-2008, 3:13 AM
    • Saxena
    • Posts 41
    • Points 100

    try
    {
        // Current Windows user, in the form DOMAIN\username
        string strName = HttpContext.Current.User.Identity.Name;
        string[] aa = strName.Split(new char[] { '\\' });
        string currentuser = aa[1];

        // Bind to AD (requires a reference to System.DirectoryServices)
        DirectoryEntry entry = new DirectoryEntry("LDAP://<ADservername>", "administrator", "<adminpassword>");
        DirectorySearcher mySearcher = new DirectorySearcher(entry);

        // Look the user up by common name
        mySearcher.Filter = "(cn=" + currentuser + ")";
        SearchResult result = mySearcher.FindOne();

        Response.Redirect("login.aspx");
    }
    catch (Exception ex)
    {
        Response.Write(ex.Message);
    }

     

  • Re: Windows Authentication via custom page.

    08-14-2008, 5:58 AM
    • anubha.saxena
    • Joined on 08-12-2008, 3:13 AM
    • Saxena
    • Posts 41
    • Points 100

    using System;
    using System.Text;
    using System.Collections;
    using System.DirectoryServices;

    namespace FormsAuth
    {
        public class LdapAuthentication
        {
            private string _path;
            private string _filterAttribute;

            public LdapAuthentication(string path)
            {
                _path = path;
            }

            public bool IsAuthenticated(string domain, string username, string pwd)
            {
                string domainAndUsername = domain + @"\" + username;
                DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);

                try
                {
                    //Bind to the native AdsObject to force authentication.
                    object obj = entry.NativeObject;

                    DirectorySearcher search = new DirectorySearcher(entry);

                    search.Filter = "(SAMAccountName=" + username + ")";
                    search.PropertiesToLoad.Add("cn");
                    SearchResult result = search.FindOne();

                    if(null == result)
                    {
                        return false;
                    }

                    //Update the new path to the user in the directory.
                    _path = result.Path;
                    _filterAttribute = (string)result.Properties["cn"][0];
                }
                catch (Exception ex)
                {
                    throw new Exception("Error authenticating user. " + ex.Message);
                }

                return true;
            }

            public string GetGroups()
            {
                DirectorySearcher search = new DirectorySearcher(_path);
                search.Filter = "(cn=" + _filterAttribute + ")";
                search.PropertiesToLoad.Add("memberOf");
                StringBuilder groupNames = new StringBuilder();

                try
                {
                    SearchResult result = search.FindOne();
                    int propertyCount = result.Properties["memberOf"].Count;
                    string dn;
                    int equalsIndex, commaIndex;

                    for(int propertyCounter = 0; propertyCounter
