4
votes

I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario?

Technical Constraints: .NET 3.5 on IIS 6 (IIS 7 is currently a non-starter in our environment)

Thanks!

1

1 Answers

3
votes

There's an old article on MSDN here, which involves a custom 401 redirect set up in IIS - hopefully it's of some help.