I have a client who wants a ASP.Net web app changed such that it uses NTLM to authenticate users. There are two classes of users, those inside their network including via VPN and those authorised from outside their network (external users). But, users on their Domains are on one AD and the external users are on another AD server.
The only way I know this can be done is to establish trust between the servers. But for some reason, either their IT department doesn't understand that, or they are refusing. I don't know what the issue is as I speak to a middle man. All I get back is that I must check both AD servers. Very frustrating.
I'm pulling my hair out at this point.
So, if their IT department is not interested in changing the setup. Is there anyway using Windows authentication I can somehow check two AD forests. It doesn't seem possible to me because IIS is doing all the authentication work before my app even gets a look in. By the time my app page loads the user is authenticated and authorized.
I can't see any other way to do it, other than with trust. The client does not seem interested in using Forms at all. Which is odd because the app which I am changing currently uses Forms authentication.
The only way I know this can be done is to establish trust between the servers. But for some reason, either their IT department doesn't understand that, or they are refusing. I don't know what the issue is as I speak to a middle man. All I get back is that I must check both AD servers. Very frustrating.
I'm pulling my hair out at this point.
So, if their IT department is not interested in changing the setup. Is there anyway using Windows authentication I can somehow check two AD forests. It doesn't seem possible to me because IIS is doing all the authentication work before my app even gets a look in. By the time my app page loads the user is authenticated and authorized.
I can't see any other way to do it, other than with trust. The client does not seem interested in using Forms at all. Which is odd because the app which I am changing currently uses Forms authentication.
Comment