I use Silverlight, .NET 4 (with VB), RIA Services, and I develop under VS 2010.
I’m trying to develop an application that allows SSO (Single Sign-On, i.e. automatic authentication on the application through Windows user name and Active Directory) and uses Forms authentication (to log in against a DB if SSO fails), and this is where I have problems.
What I tried to do is:
- at application start-up, get the Windows user name via a call to the server with RIA Services (equivalent of a Web Service), which then returns the name found through the HTTP request (HttpContext.Current.Request.LogonUserIdentity.Name). Why such a costly call? Because the Windows user name just can’t be accessed on the client side, as other Stack Overflow topics will show you…
- then try to log the user found against the Active Directory: this part is ok.
Part 1 works locally (I do get something like “DOMAIN\USER”, but this is because the dev Web server runs on my machine), but when the application is deployed on a remote server it no longer works (I then get “SERVICE NT\NETWORK”, which I cannot use).
Do you know how I could get past this big issue? Here are my first leads:
- manage to get the user name on the client side (but from what I could read that would be a miracle; even using JavaScript on the default ASP.NET page I couldn’t)
- use the NTLM .NET authentication mechanism
- configure IIS or the server used (Windows Server 2008) so that I receive on the server side a good “DOMAIN\USER” (maybe via trust settings…?)
- use Windows Authentication, but how could I also validate users against the DB then?
Thanks for your help, this is driving me nuts… Moreover, this is becoming urgent too 🙁
Well, the only way I found was to get the user via JavaScript and an ActiveX control:
Of course this raises deployment issues since:
I was lucky since the 1st point was specifically mentioned; for point 2 I used a .reg file to be executed on all computers, couldn’t find better.
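
A server-side check for the situation described in the question, where the deployed server reports a service account instead of the caller. This is an added example, not code from the original posts; the module and function names are hypothetical. It rejects anonymous, system and built-in service identities by SID, so the application knows when to fall back to the Forms (DB) login instead of trusting the name.

```vb
Imports System.Security.Principal
Imports System.Web

' Added example: SsoIdentityCheck and GetSsoUserName are hypothetical names.
Public Module SsoIdentityCheck

    ' Well-known accounts that mean "no real user was authenticated".
    Private ReadOnly ServiceSids As WellKnownSidType() = {
        WellKnownSidType.NetworkServiceSid,
        WellKnownSidType.LocalServiceSid,
        WellKnownSidType.LocalSystemSid,
        WellKnownSidType.AnonymousSid
    }

    ' Returns "DOMAIN\USER" when the identity belongs to a real Windows user,
    ' or Nothing when the caller should fall back to the Forms (DB) login.
    Public Function GetSsoUserName(ByVal identity As WindowsIdentity) As String
        If identity Is Nothing OrElse Not identity.IsAuthenticated Then Return Nothing
        If identity.IsAnonymous OrElse identity.IsSystem OrElse identity.IsGuest Then Return Nothing

        ' Compare SIDs, not names: account names are localized, SIDs are not.
        Dim sid As SecurityIdentifier = identity.User
        If sid Is Nothing Then Return Nothing
        For Each sidType As WellKnownSidType In ServiceSids
            If sid.IsWellKnown(sidType) Then Return Nothing
        Next

        Return identity.Name
    End Function

    ' Convenience overload for the current HTTP request, using the same
    ' property the question reads on the server side.
    Public Function GetSsoUserName() As String
        Return GetSsoUserName(HttpContext.Current.Request.LogonUserIdentity)
    End Function

End Module
```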