current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 2 down vote favorite

i use to FormsAuthenticationTicket (with form) for authorize users with [Authorize] attribute, when on IIS was allow Anonymous and Form Auths all working so good, BUT now need to switch to Windows and Form - for disable whole pages for Anonymous access. But when i try login by Windows then i have an access like a user because i use to User.Identity.IsAuthenticated for check is user login or not. How to disable Windows authority in this case.

web.config

<authentication mode="Forms">
  <forms name="Auth" loginUrl="~/Account/Login" defaultUrl="~/" timeout="30"/>
</authentication>

i think about overwrite Authorize attribute but it not help with User.Identity.IsAuthenticated. ThankX

UPD: The same problem with User.Identity.Name etc...

UPD2: I think about Custom Attribute with some like this property:

public class LoggedAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return (base.AuthorizeCore(httpContext) && !IsWindows());
    }

    public static bool? _isWindows = null;

    public static bool IsWindows()
    {
        if (!_isWindowsAuth.HasValue)
        {
            if ((HttpContext.Current != null) && HttpContext.Current.User.Identity.IsAuthenticated)
            {
                _isWindows = new bool?(HttpContext.Current.User is WindowsPrincipal);
            }
            else
            {
                try
                {
                    AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.OpenWebConfiguration(VirtualPathUtility.ToAbsolute("~")).GetSection("system.web/authentication");
                    _isWindows = new bool?(section.Mode == AuthenticationMode.Windows);
                }
                catch
                {
                    _isWindows = false;
                }
            }
        }
        return _isWindows.Value;
    }

}
share|improve this question

1 Answer 1

up vote 0 down vote

What you want is this:

<authentication mode="Windows"/>

This will use the Windows identity in the User.Identity.Name field. However, you should be aware that you can't really use Windows authentication and Anonymous at the same time. You have to control access to any given resource as either/or, although you can specify which users have access and which do not.

share|improve this answer
    
May be you not exactly understood me - for me need to use form authentication (this is a main project ) but hide all site by windows authority and than need to initialize this context User.Identity.IsAuthenticated only by form not by windows. I dont use Anonymous and Windows at same time i use to Anonymous before - now when i change it to Windows i have a problem with User.Identity.IsAuthenticated context –  AleksP Feb 2 at 15:27
    
@AleksP - sorry, I just don't understand what you're trying to say. I don't understand what you mean by using form authentication but hiding athe site by windows authority. Do you mean you want users to have to enter their Windows credentials to get access to the Forms Authentication page? If so, you would probably be better suited to put the site behind a reverse proxy server that controlled access to it. –  Erik Funkenbusch Feb 2 at 16:04
    
I want to use both authentication step by step - at first user login to the server (all pages hide by windows authentication) - then(after windows logged) they see Homepage(as an example ) but if they have a login and password they can pass throw Login and have got secure side of this site - but now it's impossible because User.Identity fill by windows authentication - how can i do disable this context User.Identity for windows authentication but save a first login by Windows and second by form –  AleksP Feb 2 at 16:44
    
@AleksP - I really don't understand why you need them to have separate credentials. Just give them role based access based on their windows identity (access to what they have rights to). But as I said, the way to do this is with a reverse proxy server. –  Erik Funkenbusch Feb 2 at 16:47

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.