将Windows身份验证与表单身份验证混合

Question

Consider a site used for an intranet which should also be accessible from the internet. On the intranet you want to use Windows Authentication and on the internet you want the users to access the site using forms authentication.

Is it possible to set up a mixed-mode with these two? I just want to validate that the user is logged in with either of them without using two sites.

Answer 1

You may want to look at a similar question: mixed mode authentication against AD and fallback to the database if it fail with Membership providers

In the answer I posit a solution using a facade. I have leveraged this approach to integrate AD on multiple domains, aspnet sql provider and a legacy authentication database with measurable success.

Answer 2

I know of no build-in way of doing this. But you can use a simple workaround:

Choose forms authentication as your primary authentication and map windows authentication to it. You can do so in the applications AuthenticateRequest using global.asax or a special http handler or module. Identify your intranet user in this request and set the forms authentication cookie using FormsAuthentication.SetAuthCookie programmatically.

I actually use this for a mixed mode forms and IP-Number authentication, but I think it would work for forms and windows auth too.

By the way: Maybe mixed mode forms and IP-Number authentication is a second solution for your problem. If your server is part of a DMZ you can detect your Intranet user by the IP number subnet.

Answer 3

Hei, I had seen this page talking about 2 level authentication with IIS7: IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication , and this other that has the same requirements as you: IIS mixed mode authentication for ASP.NET Applications - http://beaucrawford.net/post/IIS-ldquo3bmixed-moderdquo3b-authentication-for-ASPNET-Application.aspx , but I didn't try any, maybe it works for you? I guess you just have to adapt it for your needs.