| |
|
What is mixed mode authentication in ASP.NET?
Mixed mode authentication in an asp.net web application has the ability to feature both
Forms Authentication and Windows Authentication to the end user.
In such a web application, the website user is identified based on whether the user is accessing
the site from within the local domain or an external domain. When the user is from within the domain,
Windows Authentication is applied and thus, the user can be configured to have higher authorization
rights. The users logging into the web application from an external domain access the site
using Forms authentication.
But this is tricky!!! For such an application to work, there needs to be 2 virtual directories
setup for the web application on the IIS. This is because an asp.net web application cannot be set to two
different authentication modes.
So if someone asks Can an ASP.NET application support 2 authentication modes at the same time???
the answer is TECHNICALLY NO!, but there is a workaround!!! ... there are always workarounds
for everything in ASP.NET... its so powerful!
The windows authentication site's authentication information is basically used to get information
about the intranet users and this is passed to the web application for Forms authentication. In such a scenario,
the windows authentication information from the windows authentication site in IIS is passed to the Forms Authentication
and thus user role is verified.
Security Authentication Process
Website Admin Tool
Authentication
Authorization
IIS Metabase
Mixed Mode Authentication
Provider Model & Personalization
More Interview Questions...
| |