ASP.NET Mixed Mode Authentication

Ever wanted to have an ASP.NET application that utilises the seamless login process of windows integrated authentication (for intranet users for example), but also be able to easily handle anonynous/forms based authentication, and all using the one standard principal object behind the scenes for full role based authorisation support?

I have just written an article that describes one way of doing this.

Would love to hear any feedback.



  • Thanks for the comments Paul. Its interesting to see the many different ways of accomplishing the same goal.

  • Hi,I am having Problem in the web site for FormAuthentication.When I entered into the Windows Authentication Site it redirects to the Form Authentication Site with cookie 'CMUCookie'.
    FormsAuthentication.FormsCookieName equals to also 'CMUCookie'.But the problem is that the codes below in the global.asax in the Form Authentication Site does not execute. That is cookieFound =false. why this is happening?
    I have made the virtual directory as u directed.

    if (cookie.Name == FormsAuthentication.FormsCookieName)
    cookieFound = true;
    authCookie = cookie;

  • I'm trying toimplement something similar to this under 3.5. I want to have users inside outr domain login using their windows ID/Password byt internet users login using a uid password stored in our database. I'm thinking I can use forms authentication with two membership providers (activedirectorymembershipProvide and SqlMembershipprovider). Have you any thoughts on how I might accomplish this?

  • Ralph, you wont do it seamlessly just using membership providers as you will still need to ask for a password, even though they have already logged into the domain. If thats ok, then you probably dont need 2 membership providers, just one that knows which store to check (db or Active Dir).

Comments have been disabled for this content.