Scenario:
- https asp/asp.net website running of IIS 7.5 (windows server 2008)
- IIS currently configured to allow anonymous authentication and forms authentication ,asp.net impersonation are disabled while windows authentication is not installed (I understand that windows authentication needs to installed for this.)
- a single custom login page for both internal and external users
Requirment:
- Internal users seamlessly login while capturing their LOGON name (window authentication)
- External users (not on domain) should be prompted a manual login
Questions:
- What approach can be used to implement this?
- Looking for the IIS 7.5 and web.config settings
Approaches Found:
- make 2 pages within 1 website, winlogin and weblogin(front page). Allow windows auth=true and anonymous auth=false on winlogin.aspx and vice versa on weblogin.aspx
user with a ip hits weblogin, if ip is known redirect to winlogin to capture logon and redirect to weblogin if the ip is unknown - have winlogin.aspx as the main page and redirect 401 errors to weblogin.aspx
Best Answer
This is how to configure IIS for integrated authentication.
http://netpl.blogspot.com/2012/06/iis-75-integrated-security-with-no.html
This will make your site available for intranet users WITHOUT the prompt for credentials.
Note that this also works for web users. A built-in web browser window is displayed as a result of HTTP 401. A user provides his/her credentials and is in.
If you rather want to show your custom web form as a result of 401 (unauthorized), you'd have to trick the browser a little:
http://www.codeproject.com/Articles/11202/Redirecting-to-custom-401-page-when-quot-Access-de
This way you can redirect an unauthorized response to a web form of your choice (for example, to show an asp.net login form).
Although the integrated authentication can be easily configured, prepare for a lot of experiments when setting up your mixed (integrated/forms) authentication. Things change with every version of IIS; also IIS7 behaves differently if a pool is in classic vs integrated mode.