0

Today I'm using form based authentication with a LDAP string in my web.config. After sucessful autentication there is a lot of logic going on like selecting database and adding information to the session.

I need to use integrated windows security (is that correct?) instead. The point is that I can not longer use the LDAP string.

How can I do this with no form to hook the eventhandlers to?

vcsjones
  • 138,677
  • 31
  • 291
  • 286
espenk
  • 575
  • 2
  • 8
  • 23
  • Is this an Intranet app (where the users are already authenticated on the Web Server's domain) or is it an Internet app? It's possible to map federate logins to internal domain accounts as well. – Michael Brown Jan 03 '12 at 16:54
  • It´s an internet application. I don´t understand the last part. The AD to authenticate against is just one AD. – espenk Jan 03 '12 at 20:46

1 Answers1

0

AuthenticateRequest is one of the ASP.NET Application Lifecycle Events that can be handled through the Global.asax page when it is called, the User has already been authenticated and the IPrincipal is already attached to the current HttpContext

Michael Brown
  • 9,041
  • 1
  • 28
  • 37
  • thank you. But the Session object is not accessible at the Application_AuthtenticeRequest. – espenk Jan 03 '12 at 20:45
  • I don't think I understand this. How is this done in other applications? This must be done in many, is there maybe wrong to use the sessuion object to store all this values? – espenk Jan 04 '12 at 07:57
  • You can't get HttpContext.Current.Session from AuthenticateRequest? – Michael Brown Jan 04 '12 at 15:35
  • Apparently no...here's how to do it by extending WindowsPrincipal http://weblogs.asp.net/bhickman/archive/2003/02/07/2018.aspx – Michael Brown Jan 04 '12 at 15:37
  • The downside is that you'll have to perform that operation on every request...perhaps you can cache the information and look it up based on the windowsprincipal username like this http://stackoverflow.com/questions/1325863/forms-authentication-cross-windows-authentication – Michael Brown Jan 04 '12 at 15:52