Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

automatic login for internal users #24

Closed
ssteiner opened this issue Jul 15, 2015 · 8 comments
Closed

automatic login for internal users #24

ssteiner opened this issue Jul 15, 2015 · 8 comments
Labels
question

Comments

@ssteiner
Copy link

Hi

This is basically picking up on issue 8. I tried implementing the custom RegisterMixedAuth method, but I only get a FakeStatusCode when I try accessing a method behind an authorize tag - and then if I check the app.Context at this point, context.User.Identity is an empty identity. So how'd you go about determining that a user is actually internal?

And as for sania13's post (too bad github doesn't allow PMs..), AuthenticationManager.GetExternalLoginInfoAsync().Result; always returns null so I'm not sure what to do with it either.

Any ideas? Ideally, I'd like users to get to the page, and get the immediate recognition they get if I do a project that does windows authentication only.

Thanks
Stephan
@MohammadYounes
Copy link
Owner

If you are getting the fake status code, then most probably you didn't register MixedAuth in Global.asax (step 2)

how'd you go about determining that a user is actually internal?

Internal or external refers to the network the user is accessing your app from, so IP address would be the way to go.

As for auto windows login, have you tried the workaround described here ? (the 401.html part)

Thanks

@ssteiner
Copy link
Author

Hi
Sorry for the late reply - I was on holidays.
MixedAuth is properly registered and does work just fine. But the user has to select whether to use windows authentication or local authentication in the login page - something I'd like to try and avoid.

I'll give the approach you linked to a whirl later today.

Thanks

@ssteiner
Copy link
Author

Which sections of the web.config does step 3a go into? I tried making a httpHandlers section under system.web and adding the line you posted for 3a, but upon compilation I'm getting warnings that neither name nor preCondition are allowed attributes.

@MohammadYounes
Copy link
Owner

3a is not required here, since you are using OWIN middleware. You only need the 401.html part (4b).

@ssteiner
Copy link
Author

Hi
I think I mixed up something.. first off I started playing with MVC5-MixedAuth (where I did manage to get it working.. the first access to a controller method behind an Authorize Attribute auto logs me in if I'm on a domain machine).

Now off to try if I can change the OWIN-MixedAuth to integrate it all into my own web app.

@ssteiner
Copy link
Author

umm.. I take it I need to modify the MohammadYounes.Owin.Security.MixedAuth project given that this is what I'm currently using from Nuget. However, that gives me a discrepancy to the instructions because now I have no AccountController.Windows.cs to modify.

So, which steps are pertinent for OWIN-MixedAuth? I figure 1, 3b and 4, correct? So I wouldn't even have to make my own build but could keep using the version published to Nuget, correct?

@MohammadYounes
Copy link
Owner

Yes :)

@MohammadYounes
Copy link
Owner

The 401.html approach provides auto windows login for all users. In case you want this to be specific for internal users, follow the steps mentioned here.

Thanks.

@pcbHikeME pcbHikeME mentioned this issue Jan 20, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ssteiner @MohammadYounes