4

I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario?

Technical Constraints: .NET 3.5 on IIS 6 (IIS 7 is currently a non-starter in our environment)

Thanks!

Improve this question

1 Answer 1

Reset to default
3

There's an old article on MSDN here, which involves a custom 401 redirect set up in IIS - hopefully it's of some help.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.