advice - spoofing an active directory login?

N

nikespex

I am working on an application that is protected behind Active
Directory. In special cases users will be authenticated elsewhere on a
separate system via a web-based login. When they reach my application
I need to be able to log the user in automatically without prompting
them with a Windows login pop-up (for Active Directory).

Example: User visits www.foo.com and successfully logs in as Jane.
Jane then visits www.bar.com and because she has already authenticated
at foo.com I want to automatically log her in as the Active Directory
user "Jane" on my application at bar.com without her seeing the Windows
login prompt.

Any advice for how this can be accomplished? I'm using class ASP for
the UI to the application.

Much thanks,
Ryan
 
M

Mark Smith

You can only do this with forms base (basic) authentication -- something you
could actually capture the password with. Integrated (Kerberos) is time
sensative and won't allow the reuse of the password.
 
C

Chriss3 [MVP]

Hello,
How dose your timefime look for delivery this application? ADFS - Active
Directory Federation Service should help you with this. How ever the ADFS is
a new technology and will shipp with Windows Server 2003 R2, the current
state is now RC1.

Active Directory Federation Services (ADFS) is based on the emerging,
industry-supported Web Services Architecture, which is defined in WS-*
specifications. ADFS helps you use single sign-on (SS0) to authenticate
users to multiple, related Web applications over the life of a single online
session

Have a look at:
http://technet2.microsoft.com/WindowsServer/en/Library/050392bc-c8f5-48b3-b30e-bf310399ff5d1033.mspx

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
N

nikespex

Is there a way to set values within ASP to make them appear as though
they were posted via a form? (as per your advice below)

Basically I'm going to have info from the user's previous login passed
in and I need to be able to authenticate them against AD without them
entering their login info again.

(sorry if my questions seem elementary - I'm a Coldfusion dev, so AD
and ASP are new to me)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Get Netbios domain name from active directory 3
Single sign-on based on Active Directory 1
Membership of user in Active Directory 10
Some users hang during login after upgrading to Active Directory 2
ASP.NET and Active Directory 3
Is Active Directory good to use for a B2B site 1
ASP.net Login Page with Active Directory 2
Using kerberos w/o binding to active directory 1

Top