Impersonation over multiple pages

  • Thread starter Thread starter Andy
  • Start date Start date
A

Andy

I'm a newbie and would like some help with impersonation...

I am trying to eliminate the grey box that pops up when using Windows
Basic Authentication. My questions are as follows:
1. Is it advisable to use forms authentication and then use the
details provided to impersonate that user?
2. In my tests, I manage to impersonate on the first page, but when it
redirects to the next page, it reverts back to ASPNET Account. What is
a good solution to maintain the same effect as using Windows
Authentication between pages?
3. If I try and use impersonation for every page request, I have to
somehow maintain username and password between pages for the user I
wish to impersonate. Is there any mechanism that gets around this?
Your help will be greatly appreciated.
Thanks
Andy
 
If you enable the impersonation in web.config file (<identity
impersonate="true" />) and use the windows authentication (<authentication
mode= "Windows" />) the web app impersonate the identity of the
authenticated user:
- IUSR_MachineName if Anonymous
- User credential if Windows Integrated, Basic* or Digest

You can use a custom from authentication, you'll find more details at
http://msdn.microsoft.com/library/d...t.asp?frame=true#authaspdotnet_authentication

* The credential are sent in clear (encoded) text across the network

HtH,
Andrea
 
Thanks Andrea for your feedback but I am trying to get rid of the grey
Windows Login box that pops up when using Windows Basic
Authentication. I want to use forms authentication so users can enter
their details in the HTML form.
Currently I am able to impersonate the user on the first page but when
I am redirected from the login page after successful login, the user
then becomes the anonymous user.
I downloaded some sample code from MS website that allows me to
impersonates the current windows user but I want to impersonate the
user whose details I entered on the HTML form.
My question is therefore, how do I maintain the impersonation of the
person whose credentials were entered on the HTML form throughout the
site and over mulitple page requests?
Regards,
Andy.
 
Back
Top