Windows Domain Authentication

Re: Windows Domain Authentication

Don't use a form, just use Windows Authentication on the application/site.

You can't take a plain text password from a form, and "check" it against
Windows Authentication, AFAIK. This would be a *H*U*G*E* security hole.

--
Aaron Bertrand
SQL Server MVP





"Zille Hassan" <zhassan@umg.co m.sa> wrote in message
news:e9s1cVztDH A.3744@TK2MSFTN GP11.phx.gbl...[color=blue]
> Dear All
>
> Newbie question here. i design form to take input from
> user(username,p assword). How do i autheticate if the user is Windows[/color]
Domain[color=blue]
> user and once it has authenticated successfully, how do i forward to the
> success page.
>
> Any help would be appreciated.
>
> Regards
>
> Zille.
>
>[/color]

Re: Windows Domain Authentication

You could use ADSI to do it...

Cheers
Ken


"Aaron Bertrand [MVP]" <aaron@TRASHasp faq.com> wrote in message
news:%23yuIbR1t DHA.1888@TK2MSF TNGP10.phx.gbl. ..
: Don't use a form, just use Windows Authentication on the application/site.
:
: You can't take a plain text password from a form, and "check" it against
: Windows Authentication, AFAIK. This would be a *H*U*G*E* security hole.
:
: --
: Aaron Bertrand
: SQL Server MVP
: http://www.aspfaq.com/
:
:
:
:
: "Zille Hassan" <zhassan@umg.co m.sa> wrote in message
: news:e9s1cVztDH A.3744@TK2MSFTN GP11.phx.gbl...
: > Dear All
: >
: > Newbie question here. i design form to take input from
: > user(username,p assword). How do i autheticate if the user is Windows
: Domain
: > user and once it has authenticated successfully, how do i forward to the
: > success page.
: >
: > Any help would be appreciated.
: >
: > Regards
: >
: > Zille.
: >
: >
:
:

Re: Windows Domain Authentication

But how do i do it, i am really new to ASP. do i have to enable Windows
authentication from the IIS admin.

and how do i store the username and password taken from the user in session
variables

"Zille Hassan" <zhassan@umg.co m.sa> wrote in message
news:e9s1cVztDH A.3744@TK2MSFTN GP11.phx.gbl...[color=blue]
> Dear All
>
> Newbie question here. i design form to take input from
> user(username,p assword). How do i autheticate if the user is Windows[/color]
Domain[color=blue]
> user and once it has authenticated successfully, how do i forward to the
> success page.
>
> Any help would be appreciated.
>
> Regards
>
> Zille.
>
>[/color]

Re: Windows Domain Authentication

> and how do i store the username and password taken from the user in
session[color=blue]
> variables[/color]

I hope that even through ADSI this is impossible. A programmer should never
be able to have access to Windows passwords, for reasons that should be
obvious.

--
Aaron Bertrand
SQL Server MVP

Re: Windows Domain Authentication

On Mon, 1 Dec 2003 08:38:18 +0300, "Zille Hassan" <zhassan@umg.co m.sa>
wrote:
[color=blue]
>But how do i do it, i am really new to ASP. do i have to enable Windows
>authenticati on from the IIS admin.[/color]

Take a look at:


[color=blue]
>and how do i store the username and password taken from the user in session
>variables[/color]

Don't ever store the password in a session variable. You could set a
session variable for "Logged In" but with Windows authentication
there's no real reason to (at least that my feeble little mind can
come up with at the moment...). Windows knows whether you're logged
in or not.

Jeff
[color=blue]
>"Zille Hassan" <zhassan@umg.co m.sa> wrote in message
>news:e9s1cVztD HA.3744@TK2MSFT NGP11.phx.gbl.. .[color=green]
>> Dear All
>>
>> Newbie question here. i design form to take input from
>> user(username,p assword). How do i autheticate if the user is Windows[/color]
>Domain[color=green]
>> user and once it has authenticated successfully, how do i forward to the
>> success page.
>>
>> Any help would be appreciated.
>>
>> Regards
>>
>> Zille.
>>
>>[/color]
>[/color]