"Doug" wrote:

> David,
>
> Thats awesome and exactly what I am looking for. Thanks.. My next question
> is there any sample custom login forms available. I familiar with posting
> forms however does the form post back to the dll?
> i assume that the inherent login form is compiled into the dll file however
> im ok with creating just an html file or asp file and was wondering if you
> knew of some samples out there?
>
> Thanks again!
>
> Doug
>
>
>
> "David Wang [Msft]" wrote:
>
> > CustomAuth from IIS Platform SDK shows how to pass form credentials.
> > http://blogs.msdn.com/david.wang/archive/2006/01/24/HOWTO_Install_and_Use_CustomAuth_on_IIS_6.aspx
> >
> > However, the custom scheme you describe (try Windows first and if it fails,
> > try forms) cannot be configured. Lots of people want that behavior, but
> > sorry, the standardized browsers and the authentication protocols just don't
> > work that way.
> >
> > You can configure two websites, one Intranet that is Windows only, the other
> > Extranet that is Forms auth only.
> >
> > --
> > //David
> > IIS
> > http://blogs.msdn.com/David.Wang
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > //
> >
> > "Doug" <Doug@discussions.microsoft.com> wrote in message
> > news:0393219E-EDF5-4B07-994B-9251F78A9947@microsoft.com...
> > > Ok to explain my scenario here is my goal
> > >
> > > I have an intranet site that is available internally as well as
> > > externally.
> > > Currently it is just html files on the intranet (that change may come
> > > later
> > > which will make it easy to secure via an application, unfortunately right
> > > now
> > > that is not an options)
> > >
> > > What i would like to do is essentialy mix windows and forms based
> > > authentication however the articles I have found wont exactly accomplish
> > > what
> > > i need since I do not have my intranet as an application.
> > >
> > > I have anonymous turned off and integrated authentication turned on so
> > > that
> > > anyone internally does not get prompted for a username and password, the
> > > external side first hits my redirection to ssl page (shich is set to allow
> > > anonoymous access) and then the user gets prompted for a username and
> > > password via the standard windows popup since I have windows NTFS
> > > permissions
> > > set on the entire directory.
> > >
> > > What I want to do is if a user is not authenticated via integrated, i want
> > > to present them with a pretty form to log into instead of the windows pop
> > > up
> > > box, and then authenticate them against Active Directory and then pass the
> > > authenticated credentials to IIS as they were logged into the computer
> > > with
> > > those credentials exactly as Microsoft has done with Exchange webmail.
> > >
> > > Is this possible and any steps in the right direction would be
> > > appreciated.
> > > I have the form written and is authenticating via Active Directory and
> > > then
> > > doing the redirect to the home page via ssl, the only problem I have to
> > > work
> > > the details on is passing those credentials to windows security so they
> > > are
> > > not prompted for the user name again via the windows pop up box. It looks
> > > as
> > > though the OWA logon passes those credentials to a .dll file that is
> > > handling
> > > this.
> > >
> > >
> > > Thanks in advance for any tips helping me out on this one.
> > > Please let me know if any of this is unclear.
> > >
> > >
> > >
> > >
> > > Doug
> > >
> > >
> > >
> >
> >