Win Forms Authentication
Over the past few days I have been trying to help an individual solve a problem: authenticating users across multiple domains, using web forms as the authentication process. I have gotten most things working properly so far, but not everything. I have thought of solutions to almost all of the problems except one, but some of them I am scared to attempt to implement because they may not be best coding practices.
Outstanding Issues
1. Having the ability to impersonate any authenticated user on any domain when they log in. The issue here is that the only way I have found to get a user token, which is needed to impersonate a user, is by using the Windows API LogonUser function. The only issue with this function is that it only logs into the local machine it was called from, even though that machine may or may not be on the domain. Secondly, for this function to work the user must have logon access to the machine where LogonUser was called.
2. If we decided to get away from the whole impersonation side of things, almost everything works great, except access to the AD. This could easily be solved by storing the username, domain, and password in a session, but I don't feel this is a good idea. The other option would be to store the DirectoryEntry object in the session, but once again I don't think this is a good idea either.
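As an added illustration (not code from the original post), this is how the LogonUser call described in item 1 is typically wrapped in C#: the password is passed once to obtain a token, the token is disposed as soon as the impersonated work finishes, and neither the password nor the token is kept in session state. It assumes .NET Framework 4.6 or later (for SafeAccessTokenHandle and WindowsIdentity.RunImpersonated); the class and method names DomainLogon and RunAs are my own.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

// Added example: thin wrapper around the Win32 LogonUser call so the
// plaintext password is used exactly once and never stored.
static class DomainLogon
{
    // Interactive logon: matches the post's note that the account needs
    // logon rights on the machine that calls LogonUser.
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
                                 int dwLogonType, int dwLogonProvider,
                                 out SafeAccessTokenHandle phToken);

    // Runs 'action' while impersonating DOMAIN\user, then releases the token.
    // The logon session is created on the local machine; 'domain' only tells
    // the local security authority which domain should validate the account.
    public static void RunAs(string domain, string user, string password, Action action)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
        {
            // Surfaces the Win32 reason (bad password, no logon right, ...) to the caller.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        using (token)   // handle is closed even if 'action' throws
        {
            WindowsIdentity.RunImpersonated(token, action);
        }
    }
}
```

Any directory work (for example constructing a DirectoryEntry) goes inside the delegate passed to RunAs, so it runs under the impersonated identity without a credential ever being written to session.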
I am kind of dwelling on these issues, doing more and more research every day, trying to figure out the best path to take. I am sure the solution will come sooner or later; maybe it's just sitting right in front of me and I don't see it yet.