FormsAuthentication vs WindowsAuthentication
Well it seems that I have wasted an entire day last week working on authentication and a log out for the application that I'm working on. I say wasted cause it won't work with my project but it was pretty interesting to work with. Here's the rundown. The users want to be able to log out of the web application that I'm building for them. Not an unreasonable request. But there are standards in place that say I must use this homegrown application called AppSec to handle all of our security needs. Keeps everyone's security in one place, pretty nice right? But there is a caveat to using AppSec. We must use WindowsAuthentication in order to talk to the AppSec web service.
I thought that we could get around this by using FormsAuthentication and logging into a Windows domain that way. But AppSec requires that IIS have anon. turned off in order to work. So back to square one.
But here is the code to log someone in and out of a Windows domain using FormsAuthentication, in the .NET 2.0 Framework:
```vb
' Win32 LogonUser from advapi32.dll; on success phToken receives a handle to the user's token
Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As String, _
    ByVal lpszDomain As String, _
    ByVal lpszPassword As String, _
    ByVal dwLogonType As Integer, _
    ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Boolean
' Declare the logon types as constants
' (Integer, not Long: the parameters above are 32-bit, and Long is 64-bit in VB.NET)
Const LOGON32_LOGON_INTERACTIVE As Integer = 2
Const LOGON32_LOGON_NETWORK As Integer = 3
' Declare the logon providers as constants
Const LOGON32_PROVIDER_DEFAULT As Integer = 0
Const LOGON32_PROVIDER_WINNT50 As Integer = 3
Const LOGON32_PROVIDER_WINNT40 As Integer = 2
Const LOGON32_PROVIDER_WINNT35 As Integer = 1
```
That is the function that you will have to call in order to log in. Here is the function call:
```vb
isvalid = ValidateLogin(username, password, domain)
If isvalid Then
    ' Second argument True = issue a persistent authentication cookie
    FormsAuthentication.RedirectFromLoginPage(username, True)
Else
    'display error message
End If
```
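The post calls ValidateLogin but does not show its body. One possible implementation, added here as an example (it is not the author's code or the AspAlliance article's); the module name DomainLogin, the choice of LOGON32_LOGON_NETWORK and the empty-input check are assumptions:

```vb
Imports System

Public Module DomainLogin
    ' Same declaration style as the post; CloseHandle is needed to release the token.
    Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As String, _
        ByVal lpszDomain As String, _
        ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, _
        ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Boolean

    Private Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal hObject As IntPtr) As Boolean

    Private Const LOGON32_LOGON_NETWORK As Integer = 3
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    ' Hypothetical body for the ValidateLogin call used in the post.
    ' Returns True only when Windows accepts the credentials for the domain.
    Public Function ValidateLogin(ByVal username As String, _
                                  ByVal password As String, _
                                  ByVal domain As String) As Boolean
        ' Assumption: never hand empty credentials to the logon API.
        If String.IsNullOrEmpty(username) OrElse String.IsNullOrEmpty(password) Then
            Return False
        End If

        Dim token As IntPtr = IntPtr.Zero
        Try
            ' A network logon validates the password without creating an
            ' interactive session; the token is used only as proof of success.
            Return LogonUser(username, domain, password, _
                             LOGON32_LOGON_NETWORK, _
                             LOGON32_PROVIDER_DEFAULT, token)
        Finally
            ' Every successful LogonUser returns a token handle that must be
            ' closed, otherwise each login leaks a handle in the worker process.
            If token <> IntPtr.Zero Then
                CloseHandle(token)
            End If
        End Try
    End Function
End Module
```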
Now you have to change your web.config file to use forms authentication instead of Windows:
```xml
<authentication mode="Forms">
  <!-- attribute names in web.config are case-sensitive: loginUrl, not loginurl -->
  <forms loginUrl="~/login.aspx" name="TestLogin" timeout="20" path="/" protection="All" />
</authentication>
```
After that you should be able to log in to your Windows domain.
And to log out is just as easy:
```vb
FormsAuthentication.SignOut()
```
I got most of this code from this AspAlliance article, but at the time of posting the text of the article doesn't seem to be loading.
Labels: .NET
posted by Tom Becker at 1/28/2008