I need to implement something like Single Sign On for a application that is being used on both Intranet and Internet. Now , the application uses its own table for storing User information and has more users than that present in the AD for the Company. Example contract workers/3rd party vendors etc and hence many users who don't belong to the Active directory of domain are listed in the User Table.
The Application is a bit old and currently it uses Form to authenticate the users.
But strangely authentication mode in the web.config file has the following entry for authentication. <authentication mode="None" />
I changed the authentication mode to Windows in web.config and in IIS 6 selected integrated Windows authentication and unchecked the anonymous access.
Now I have following two scenarios.
#1 Intranet
User logs in to the system using the System Credential which is stored in a AD
Now if user hits the link for the web application he should be logged in.
I have implemented this part by using Page.User.Identity.name in the Page load of login.aspx to check if the user exists in the DB.
#2 Internet
If I check it from a external network the browser prompts me for credential.
The requirement is that the user should not be prompted for credential instead should be shown the current Login page
I googled and ended up on stackoverflow every time. Sadly the solutions did not work out for me.
I stumbled upon this post by Scott Enabling Windows Authentication within an Intranet ASP.NET Web application and if you check the comments Scott refers to use of solution by commenter ripster in case application is accessed from internet as well as intranet. Though it didn't work out for me or may be I didn't do it properly.
