Messages
Reply
Edit
Delete04:41 am
3PC0A1LRF
| From: | Rick Strahl |
| To: | Mike McDonald |
This only works with Internet Explorer and only in an internal network where the users is on the logged in domain.
Otherwise no.
+++ Rick ---
All -
Is there any way to set something in the response of an HTML page that would cause the visitor's browser to become authenticated within IIS, without bringing up the authentication dialog?
Our system allows users to log into the website, which we track using a session cookie and the wwSession table. This concerns our own user database, and has nothing to do with IIS authentication. Most subsequent requests go through our web app and it will confirm the user as necessary.
However, depending on the client, our pages include links to other media files (PDF files, etc) located within certain subfolders. Right now these subfolders allow Anonymous Access, and anybody could view the files if they have the appropriate links. There is really nothing 'critical' in these files, but the client would like to have it set so that anyone hitting these links be confirmed as being 'logged in' (to our system).
What I would like to do is when a user logs in, we send something in the response that causes that browser session to become authenticated automatically, instead of bringing up the authentication dialog and the user having to know the proper credentials. Then we could set the appropriate subfolders to require authentication before serving up the files. These files are not getting served through the WC app, but directly from IIS.
Is this possible, or is the authentication dialog required to be shown to the user for security reasons?
- Mike McDonald
Software Design of Kentucky
West Wind Technologies
Making waves on the Web
