[Mono-devel-list] authentication mode "Windows"
sebastien.pouliot at gmail.com
Sat Jul 30 16:41:47 EDT 2005
On Wed, 2005-27-07 at 12:28 +0200, Kolanowski, Jawan wrote:
> I try to migrate a web application (asp.net) from iis to mod_mono 1.0.6
> with apache 2.0.53. The web application uses 'Context.User.Identity'.
> The authentication was performed by the iis (ntlm) against a active
> directory. On the apache i've configured digest authentication with
> apache configuration extract:
> <Location /WebApplication>
> SetHandler mono
> AuthType Basic
> AuthName "WebApplication"
> AuthLDAPBindDN "ldapquery at somewhere.org"
> AuthLDAPBindPassword "****"
> require valid-user
Is that digest ? or basic ?
> web.config extract:
> <authentication mode="Windows" />
> <identity impersonate="false" />
> The authentication with the apache works fine but the web application
> gets no authenticated 'Identity' object ('Identity.IsAuthenticated ==
> false && Identity.Name == ""'). At least I need the name of the
> authenticated account ('Identity.Name'). What's wrong?
Maybe nothing ;-)
Asking for NTLM(Windows) authentication _isn't_ the same, at least from
a security point of view, as doing basic authentication to an LDAP
server. So I don't think we should allow this scenario to work - at
least not by default (i.e. with an identical web.config as IIS is
However, from a functional point of view, this scenario is equivalent to
the original IIS/ASP.NET application - meaning that some applications,
with lower/different security requirements, could benefit from this.
AFAIK Apache/mod_mono/mono don't share enough information to make this
scenario work (at least right now) and I don't know enough about them to
say if this would be an easy task (or not). Maybe Gonzalo can clarify
You could also (well probably) deal with this at the application level
by either :
(a) asking Apache for the information (if possible/available); or
(b) do the LDAP authentication yourself (e.g. with
and finally create (and assign) the Identity object.
More information about the Mono-devel-list