> Hello, I posted this in the .NET group, but no one seemed to have an
> answer. I wrote a web app that prompts for the user name and
> password, then redirects the user to the correct page depending on the
> group they belong to.
>
> The problem arrises when the user is redirected to the new asp page.
> The security on these pages are set in NTFS. The group the user
> belong to has Read and Read & Execute rights.

<Eddie B> wrote in message
news:thp8v0d6ptlfnel07d4ck0afd72n32i96g@4ax.com...
> Hello, I posted this in the .NET group, but no one seemed to have an
> answer. I wrote a web app that prompts for the user name and
> password, then redirects the user to the correct page depending on the
> group they belong to.
>
> The problem arrises when the user is redirected to the new asp page.
> The security on these pages are set in NTFS. The group the user
> belong to has Read and Read & Execute rights.
>
> Example:
> User1 belongs to Group1
> User1 opens Default.aspx, and enters his name and password in the
> boxes on the form, then clicks Submit
> User1 is redirected to Group1.asp, Group1 is the only one that is in
> the permissions list viewing this file's security settings.
> User1 is then prompted by internet explorer for their user name and
> password. If they enter it correctly, they are redirected with no
> problem
>
> I don't want Internet Explorer to prompt for their password, I want to
> be able to redirect with the user name and password they already
> entered in the .aspx form
>
> I have tried:
> FormsAuthentication.Authenticate - doesn't authenticate, but I am
> getting the username and password from AD, not from web.config
>
> System.Management.ManagementScope - won't connect
>
> WindowsImpersonationContext - Impersonation doesn't seem to work using
> response.redirect, not sure if I am sending the token right
>
> URLbyNetworkCridentials (System.Net.NetworkCredential) - using basic
> as authtype, won't redirect using response.redirect
>
> I have to use AD and the .aspx logon screen, so setting the users in
> web.config isn't really an option.
>
> If anyone can help, I sure would appreciate it.

<Eddie B> wrote in message
news:o9t8v0hjc0viqv8uc8641kgh4oftcg8nea@4ax.com...
> Damn, that was a fast reply!
>
> I should have stated I am using Forms Authorization, Windows Auth
> won't work because the user may not be logged in to their machine with
> the same name and password as the server they will be logging in to.
>
> This is for a bank with more than 20 branches, so the user may have a
> different user name and password on the remote server than the one
> they used to log in to their workstation computer.
>
> Is there any way to send the users name and password to the server
> with the request for the new page so they won't be prompted to
> re-enter them?
>
>
> On Mon, 24 Jan 2005 15:04:06 +1100, "Ken Schaefer"
> <kenREMOVE@THISadopenstatic.com> wrote:
>
>>Hi,
>>
>>If you are using a HTTP based authentication mechanism (eg NTLM, Basic,
>>Digest etc), then the browser needs to send the appropriate credentials in
>>the HTTP request headers. The only way I know of to force that to happen
>>is
>>for the webserver to send back a 401 HTTP status as well as
>>WWW-Authenticate
>>headers. AFAIK, you can't just somehow "authenticate" the user on the
>>server, and then expect the browser to send the appropriate headers with
>>each subsequent request.
>>
>>http://support.microsoft.com/?id=264921
>>INFO: How IIS Authenticates Browser Clients
>>
>>may be worth reading.
>>
>>If the browsers are Internet Explorer, and the user places the site into
>>their local "Intranet" security zone, and the authentication type is NTLM
>>or
>>Kerberos, then you get the browser to "autologon" using the user's current
>>Windows credentials:
>>
>>http://support.microsoft.com/?id=258063
>>Internet Explorer May Prompt You for a Password
>>
>>on how to set this up.
>>
>>Cheers
>>Ken
>>
>>
>><Eddie B> wrote in message
>>news:thp8v0d6ptlfnel07d4ck0afd72n32i96g@4ax.com...
>>> Hello, I posted this in the .NET group, but no one seemed to have an
>>> answer. I wrote a web app that prompts for the user name and
>>> password, then redirects the user to the correct page depending on the
>>> group they belong to.
>>>
>>> The problem arrises when the user is redirected to the new asp page.
>>> The security on these pages are set in NTFS. The group the user
>>> belong to has Read and Read & Execute rights.
>>>
>>> Example:
>>> User1 belongs to Group1
>>> User1 opens Default.aspx, and enters his name and password in the
>>> boxes on the form, then clicks Submit
>>> User1 is redirected to Group1.asp, Group1 is the only one that is in
>>> the permissions list viewing this file's security settings.
>>> User1 is then prompted by internet explorer for their user name and
>>> password. If they enter it correctly, they are redirected with no
>>> problem
>>>
>>> I don't want Internet Explorer to prompt for their password, I want to
>>> be able to redirect with the user name and password they already
>>> entered in the .aspx form
>>>
>>> I have tried:
>>> FormsAuthentication.Authenticate - doesn't authenticate, but I am
>>> getting the username and password from AD, not from web.config
>>>
>>> System.Management.ManagementScope - won't connect
>>>
>>> WindowsImpersonationContext - Impersonation doesn't seem to work using
>>> response.redirect, not sure if I am sending the token right
>>>
>>> URLbyNetworkCridentials (System.Net.NetworkCredential) - using basic
>>> as authtype, won't redirect using response.redirect
>>>
>>> I have to use AD and the .aspx logon screen, so setting the users in
>>> web.config isn't really an option.
>>>
>>> If anyone can help, I sure would appreciate it.
>>
>

<kenREMOVE@THISadopenstatic.com> wrote:

>Without using an ActiveX control on the client, I don't know of any way. You
>can't, using an trusted server, do things to the client like that.
>
>Maybe if the server was in the client's trusted sites zone you could use
>some VBScript or similar on the client to force the client to send headers
>*BUT* you'd need a safe way of sending the credentials from the server to
>the client for the client to then send them back to the server.
>
>Why don't you just use Forms authentication instead of NTFS permissions?
>
>Cheers
>Ken
>
>
><Eddie B> wrote in message
>news:o9t8v0hjc0viqv8uc8641kgh4oftcg8nea@4ax.com...
>> Damn, that was a fast reply!
>>
>> I should have stated I am using Forms Authorization, Windows Auth
>> won't work because the user may not be logged in to their machine with
>> the same name and password as the server they will be logging in to.
>>
>> This is for a bank with more than 20 branches, so the user may have a
>> different user name and password on the remote server than the one
>> they used to log in to their workstation computer.
>>
>> Is there any way to send the users name and password to the server
>> with the request for the new page so they won't be prompted to
>> re-enter them?
>>
>>
>> On Mon, 24 Jan 2005 15:04:06 +1100, "Ken Schaefer"
>> <kenREMOVE@THISadopenstatic.com> wrote:
>>
>>>Hi,
>>>
>>>If you are using a HTTP based authentication mechanism (eg NTLM, Basic,
>>>Digest etc), then the browser needs to send the appropriate credentials in
>>>the HTTP request headers. The only way I know of to force that to happen
>>>is
>>>for the webserver to send back a 401 HTTP status as well as
>>>WWW-Authenticate
>>>headers. AFAIK, you can't just somehow "authenticate" the user on the
>>>server, and then expect the browser to send the appropriate headers with
>>>each subsequent request.
>>>
>>>http://support.microsoft.com/?id=264921
>>>INFO: How IIS Authenticates Browser Clients
>>>
>>>may be worth reading.
>>>
>>>If the browsers are Internet Explorer, and the user places the site into
>>>their local "Intranet" security zone, and the authentication type is NTLM
>>>or
>>>Kerberos, then you get the browser to "autologon" using the user's current
>>>Windows credentials:
>>>
>>>http://support.microsoft.com/?id=258063
>>>Internet Explorer May Prompt You for a Password
>>>
>>>on how to set this up.
>>>
>>>Cheers
>>>Ken
>>>
>>>
>>><Eddie B> wrote in message
>>>news:thp8v0d6ptlfnel07d4ck0afd72n32i96g@4ax.com...
>>>> Hello, I posted this in the .NET group, but no one seemed to have an
>>>> answer. I wrote a web app that prompts for the user name and
>>>> password, then redirects the user to the correct page depending on the
>>>> group they belong to.
>>>>
>>>> The problem arrises when the user is redirected to the new asp page.
>>>> The security on these pages are set in NTFS. The group the user
>>>> belong to has Read and Read & Execute rights.
>>>>
>>>> Example:
>>>> User1 belongs to Group1
>>>> User1 opens Default.aspx, and enters his name and password in the
>>>> boxes on the form, then clicks Submit
>>>> User1 is redirected to Group1.asp, Group1 is the only one that is in
>>>> the permissions list viewing this file's security settings.
>>>> User1 is then prompted by internet explorer for their user name and
>>>> password. If they enter it correctly, they are redirected with no
>>>> problem
>>>>
>>>> I don't want Internet Explorer to prompt for their password, I want to
>>>> be able to redirect with the user name and password they already
>>>> entered in the .aspx form
>>>>
>>>> I have tried:
>>>> FormsAuthentication.Authenticate - doesn't authenticate, but I am
>>>> getting the username and password from AD, not from web.config
>>>>
>>>> System.Management.ManagementScope - won't connect
>>>>
>>>> WindowsImpersonationContext - Impersonation doesn't seem to work using
>>>> response.redirect, not sure if I am sending the token right
>>>>
>>>> URLbyNetworkCridentials (System.Net.NetworkCredential) - using basic
>>>> as authtype, won't redirect using response.redirect
>>>>
>>>> I have to use AD and the .aspx logon screen, so setting the users in
>>>> web.config isn't really an option.
>>>>
>>>> If anyone can help, I sure would appreciate it.
>>>
>>
>