IIS Server Security - Optional Authentication?


Author Optional Authentication?
wllmundrwd

2004-08-27, 6:17 pm

Hello,
I'd like to enable "optional" authentication for a directory. When a
browser first visits (per session) the directory, they should be prompted for
authentication, and be able to cancel the sign in for anonymous access.
Provided that they authenticate, the scripts will present different options
for the user. I do not have the guest account on my domain enabled, and I
would like to keep it that way...

Thanks,
William
Ken Schaefer

2004-08-27, 6:17 pm

As far as I know, this is not possible to do with IIS & HTTP based
authentication methods (Basic, Digest etc). This is not a function of IIS,
but a function of how HTTP works.

You could either write your own application layer authentication system (eg
using ASP.NET, or php or whatever programming environment you are using), or
you might be able to use an ISAPI filter for this (the ISAPI filter would
trick IIS into thinking that some default credentials had been sent by the
client in the case that the client doesn't send anything).

Cheers
Ken

"wllmundrwd" <wllmundrwd@discussions.microsoft.com> wrote in message
news:E4A2EFA3-E3E7-4289-9F4F-1C52FB41D711@microsoft.com...
> Hello,
> I'd like to enable "optional" authentication for a directory. When a
> browser first visits (per session) the directory, they should be prompted
> for authentication, and be able to cancel the sign in for anonymous access.
> Provided that they authenticate, the scripts will present different
> options for the user. I do not have the guest account on my domain enabled,
> and I would like to keep it that way...
>
> Thanks,
> William



Jeff Cochran

2004-08-27, 6:17 pm

You might be able to cobble something up through a custom error page
though. Maybe a 401.1 custom page that presented options for users
who didn't authenticate and then the standard page for those who do.
I'm not sure I'd choose that route over a custom authentication scheme
and not using Windows accounts, but it might work.

Jeff

On Fri, 27 Aug 2004 11:27:54 +1000, "Ken Schaefer"
<kenREMOVE@THISadOpenStatic.com> wrote:

>As far as I know, this is not possible to do with IIS & HTTP based
>authentication methods (Basic, Digest etc). This is not a function of IIS,
>but a function of how HTTP works.
>
>You could either write your own application layer authentication system (eg
>using ASP.NET, or php or whatever programming environment you are using), or
>you might be able to use an ISAPI filter for this (the ISAPI filter would
>trick IIS into thinking that some default credentials had been sent by the
>client in the case that the client doesn't send anything).
>
>Cheers
>Ken
>
>"wllmundrwd" <wllmundrwd@discussions.microsoft.com> wrote in message
>news:E4A2EFA3-E3E7-4289-9F4F-1C52FB41D711@microsoft.com...
>


Ken Schaefer

2004-08-29, 2:48 am

The problem with using a custom 401 error page is that most browsers will
never display this - when they encounter a 401 status code, they pop up a
login dialogue box. You would need something in your application that is
able to detect a 401 status, and then reset the status to something else (eg
200 OK). You can do this in ASP.NET relatively easily.

Cheers
Ken

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41341ac7.309986637@msnews.microsoft.com...
> You might be able to cobble something up through a custom error page
> though. Maybe a 401.1 custom page that presented options for users
> who didn't authenticate and then the standard page for those who do.
> I'm not sure I'd choose that route over a custom authentication scheme
> and not using Windows accounts, but it might work.
>
> Jeff
>
> On Fri, 27 Aug 2004 11:27:54 +1000, "Ken Schaefer"
> <kenREMOVE@THISadOpenStatic.com> wrote:
>
>
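
The application-layer approach suggested in the thread, as an added example that is not code from any poster: a Python WSGI handler (the thread leaves the programming environment open) in which only a sign-in URL sends the 401 challenge and every other URL answers 200 with or without credentials. The `/members/` paths, the realm name, the user store and the `request` helper are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; application-level, so no Windows or guest account is used.
SALT = b"constructed-salt"
USERS = {"william": (SALT, hash_password("correct horse", SALT))}

def authenticated_user(environ):
    """Return the username for a valid Basic Authorization header, else None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    name, sep, password = decoded.partition(":")
    # Unknown users are still hashed and compared, so timing does not reveal them.
    salt, expected = USERS.get(name, (SALT, b"\0" * 32))
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    return name if (sep and name in USERS and matches) else None

def app(environ, start_response):
    user = authenticated_user(environ)
    if environ.get("PATH_INFO", "/") == "/members/login" and user is None:
        # Only this URL sends the challenge; every other URL answers 200.
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", 'Basic realm="members", charset="UTF-8"'),
            ("Content-Type", "text/plain"),
        ])
        return [b"Not signed in. Anonymous access is at /members/"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    if user:
        return [f"Options for {user}".encode()]
    return [b"Anonymous options. Sign in at /members/login"]

def request(path, authorization=None):
    """Drive the app without a server; returns (status, headers, body)."""
    environ = {"PATH_INFO": path}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = {}
    body = b"".join(app(environ, lambda s, h: seen.update(status=s, headers=h)))
    return seen["status"], seen["headers"], body
```

Basic credentials are only base64-encoded, so a handler like this belongs behind TLS.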


