How do I auto redirect a forms authenticated user to an NT site if they have equivalent credentials on the domain?
I have a requirement that whenever a user logs onto a website using forms based authentication [FBA] that the site checks whether they have a related domain NT user record. There will be a matching lookup table between the ASPNETDB membership database and related domain accounts for users.
Whenever an FBA user logs in and a related domain account is located then the member should be redirected to an alternative site / URL which is Windows NT authenticated rather than FBA. Before transferring them I would like to be able to pre authenticate them on the windows domain rathe开发者_Go百科r than an additional NT Login dialog box coming up and asking them to enter the related NT credentials.
Is it possible to programatically preauthenticate using NT credentials before redirecting a user to an NT authenticated site?
Note: This isn't technically a single sign on style scenario. The FBA / NT authenticated sites are not related other than the relationship between the original FBA credentials and the NT credentials lookup.
Not sure if I completly understand your questions: All users have to authenticate themselves using form based authentication. Afterwards, users who are authenticated to a windows domain are redirecting to another site as users that aren`t. Is my understanding correct? Sounds like a quite unusual scenario.
In general if you want to use the windows authentication as sso mechanism for web applications a protocol called SPNEGO is your friend: http://en.wikipedia.org/wiki/SPNEGO It can be used to exchange Kerberos as well as NTLM Tokens between the user's browser and your web application autmatically. Your web application then needs to check again your active directory if this tokens are valid.
精彩评论