Avoiding authentication required popup while using integrated windows authentication and accessing application from internet

Question

I need to implement something like Single Sign On for a application that is being used on both Intranet and Internet. Now , the application uses its own table for storing User information and has more users than that present in the AD for the Company. Example contract workers/3rd party vendors etc and hence many users who don't belong to the Active directory of domain are listed in the User Table.

The Application is a bit old and currently it uses Form to authenticate the users. But strangely authentication mode in the web.config file has the following entry for authentication. <authentication mode="None" />

I changed the authentication mode to Windows in web.config and in IIS 6 selected integrated Windows authentication and unchecked the anonymous access.

Now I have following two scenarios.

#1 Intranet
User logs in to the system using the System Credential which is stored in a AD Now if user hits the link for the web application he should be logged in. I have implemented this part by using Page.User.Identity.name in the Page load of login.aspx to check if the user exists in the DB.

#2 Internet
If I check it from a external network the browser prompts me for credential.
The requirement is that the user should not be prompted for credential instead should be shown the current Login page

I googled and ended up on stackoverflow every time. Sadly the solutions did not work out for me.

I stumbled upon this post by Scott Enabling Windows Authentication within an Intranet ASP.NET Web application and if you check the comments Scott refers to use of solution by commenter ripster in case application is accessed from internet as well as intranet. Though it didn't work out for me or may be I didn't do it properly.

Any help regarding this would be appreciated.

Answer 1

It seems you require a mix of Windows and Forms authentication : The requirement is that the user should not be prompted for credential instead should be shown the current Login page

Thought to share this . May be it can help you as mostly I have seen people to like the second below mentioned solution a lot. ( Atleast when they read it .)

If you're in classic mode - you can have both Windows and Forms authentication. An alert will pop up

Challenge-based and login redirect-based authentication cannot be used 
simultaneously

you can however ignore this warning. CarlosAg says that:

we decided to leave it there was because it is still behavior that many user 
scenarios  would be consider incorrect, since most of the time forms 
authentication  uses anonymous  authentication and not windows.

Read here.

Now when you want to use integrated mode, This stack question : iis7 Challenge-based and login redirect-based authentication cannot be used simultaneously leads to this famous link: http://mvolo.com/iis-70-twolevel-authentication-with-forms-authentication-and-windows-authentication/ , which allows to change the authentication way for a page. Another way you can manage this when using windows authentication is to manage usernames using code:

string user = Request.ServerVariables["LOGON_USER"];

Refer this link: http://beensoft.blogspot.in/2008/06/mixing-forms-and-windows-authentication.html , which gives a different way of mixing Forms and Windows authentication.