Hi,

My current legacy asp/becoming-asp.net application uses IIS Windows
Authentication at present. What I need to do is let a user coming from
another site enter mine without being asked to log in. My first stab at this
is to create a page named LoginService.aspx that expects a username and
password in a posted form. It should then log the user in using the
LogonUser API from advapi32 and replace the Principal object for the thread
using Thread.CurrentPrincipal. I have coded this but it doesn´t seem to work
properly!

1) How do I suppress the Windows dialog box when accessing
LoginService.aspx? Keep it in another vroot?

2) If the user must, through his use of the site, access an OLAP server that
requires Windows authentication would the OLAP server not see the Windows
Principal I replaced for the Thread?

Regards,
Dadi.

ps. The code I use in Page_Load:

// call LogonUser and get a token
WindowsIdentity identity = new WindowsIdentity(token);

Thread.CurrentPrincipal = new WindowsPrincipal(identity);

// redirect to a page that accesses an OLAP server.