I have a website that I work on that has both an intranet and an Internet deployment. The only difference between the two options is a few configuration settings.
The Internet version works fine because it uses only forms authentication (which is defined in its web configuration), and if the user is not registered, it is sent to the login page.
The intranet version is a bit more complicated ... when the user first visits the site, the http context object object is set correctly with WindowsPrincipal, but using this information, I confirm that the user is allowed access to the application, and then I create my own instance of IPrinciple.
Given this, there are several things that I want to do here ... I want to use the WindowsPrincipal object as the basis for user authentication, but then from this point forward I use forms authentication (that is, using a cookie to store auth details and so on). .P). I also need an instance of the principle that I get from the HTTP context in order to have my IPrinciple type.
How should I do this? As in the case, I have to look at global.asax Session_Start to execute the authentication logic, and then somehow get it to store my custom IPrinciple (so for any request after this point, the instance is my user principle), or I'm better just do something with Application_AuthenticateRequest.
Cheers Anthony