Force Popup with authentication mode="Windows" - 09-25-2003 , 10:17 PM
Is there a way to make my intranet web application NOT automatically
use the logged in user when using the "Windows" authentication mode?
I want to force the windows popup to always appear, prompting them for
a user name and password (with domain name already filled in for them,
if possible), as would happen if the logged in user didn't have access
to the resource.
I know how to do this with forms authentication, but I'd really rather
do it thru windows authentication.
Force Popup with authentication mode="Windows" - 09-26-2003 , 03:25 PM
What security configuration are you using in IIS for your
Re: Force Popup with authentication mode="Windows" - 09-27-2003 , 03:43 PM
The origional idea was for technician to be able to
access the webpage while working at a customer's
workstation, the app would check to see if the logged
in domain user was a member of a group with access,
and if not, prompt for a username/password for someone
who does have access.
To do this, I changed the web.config file to use "Windows"
authentication mode, added a roll allow for the group
the technicians belong to, and set the authentication
methods for the web to use Basic Authentication only.
This has worked well and maintains the authentication
throughout the session.
The problem I've encountered is with some monitoring
workstations that are always logged in. When a tech
uses the app from there it gets the wrong user name.
This issue would happen if a tech were to go to
another tech's workstation and use the app, as well.
To prevent this, the only workaround I can think of
is to somehow make the app impersonate some other
user when it first tries to authenticate, popping
the request box for username and password.
If you know how to do this, or some other means of
achieving the same result of the box always popping,
please let me know!
|Thread Tools||Search this Thread|