ASP.NET Mixed Authentication

Question

I have 2 applications, one is Forms Authentication and looks like so:

<authentication mode="Forms">
        <forms loginUrl="~/Login"></forms>
      </authentication>

public class LoginController : Controller
    {
        public ActionResult Index()
        {
            return View();
        }

        public ActionResult LoginCheck()
        {

            string username = Request.Form["username"];

            FormsAuthentication.RedirectFromLoginPage(username, true);

            return RedirectToAction("Index", "Home");
        }
    }

The other application is empty but is using Windows Authentication:

<authentication mode="Windows" />

public class HomeController : Controller
    {
        public ActionResult Index()
        {
            ViewBag.Title = "Home Page";

            return View();
        }
    }

What I am trying to do is the following:

The user fills in their username and password in the forms authentication application and clicks submit
The LoginCheck method, takes the username and password and authenticates against the application that is Windows Authentication

I am in hopes that I get a response from the Windows Authentication Application saying yes this username and password is correct, proceed or no they didn't work

Am I on the right track on what I want to accomplish? My problem is I have no idea how to accomplish part 2, if someone could help me out that would be amazing or point me in the right direction.

Why the need to mix it? If the web stack is on your domain and you have access to AD why not just use windows auth? If its not, then why use windows auth at all? — Jason Hughes, Sep 15 '15 at 20:37
Mixing it because I want to use a form instead of an ugly dialog box. — user979331, Sep 15 '15 at 20:39
I'm pretty sure Windows Authentication happens before your code executes. You might be best of using Forms Authentication and using ActiveDirectoryMembershipProvider like [this](https://msdn.microsoft.com/en-us/library/ff650308.aspx). — Jason Hughes, Sep 16 '15 at 16:12
Take a look at the [claim based authentication](https://msdn.microsoft.com/en-us/library/ff359101.aspx) — Max, Sep 20 '15 at 23:09
Is this your Requirement :- The application should authenticate windows user using form authentication so that the currently logged in user shouldn't be bound to logged-in in the application only with his windows account. He should be able to log-in with any valid windows account. — Anurag Jain, Sep 23 '15 at 14:09

score 2 · Answer 1 · edited May 23 '17 at 11:44

2

If you don't have to use the second application for other reasons I would suggest to use another way to verify the credentials.

Example: https://stackoverflow.com/a/499716/5036838

After the credentials are verified you could use any sort of cookie/based authentication to proceed.

edited May 23 '17 at 11:44

Community

1
1

answered Sep 23 '15 at 14:05

M. Altmann

726
5
20

score 1 · Answer 2 · edited May 23 '17 at 12:14

When using Integrated Windows Authentication (IWA), your browser should use your Windows credentials to log you on to the web site automatically.

Here are a number of things you may check:

Does your browser support IWA?
Is there an HTTP proxy between your browser and site?
Is your machine logged on to the Windows domain in which your site is hosted?
Does the IE setting specify to prompt for credentials?

See also the answers to this question for more suggestions.

ASP.NET Mixed Authentication

2 Answers2