[note: this entry was originally posted on DotNetJunkies.com.  Since it invites a lot of comments, I had to repost it here, where it can receive comments and I don't get buried in blog spam.]

Here are a couple of references for mixing Forms Authentication with Windows Authentication.  I had to do this when an app designed for internal use needed to be exposed to our business partners.  I used a slightly modified version of Paul Wilson's method (second reference), and it works great.

Mixed Mode Authentication
source: http://aspalliance.com/553

This article will demonstrate how to use Windows Integrated Authentication and Forms Authentication for one web application. Use Windows Integrated Authentication for seamless logon, and use Forms authentication for users unable to use Windows Integrated authentication (such as non-intranet users) and all with the same role-based access model.

Mixing Forms and Windows Security in ASP.NET (ASP.NET Technical Articles)
source: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/MixedSecurity.asp

ASP.NET developers have been asking for a way to combine Forms and Windows security. Paul Wilson provides a solution that does just that; it captures the Windows username, if possible, and otherwise redirects users to a logon screen.

Paul's MSDN article sparked some discussion on ASP.NET and his personal blog.  Here's that discussion:

http://www.asp.net/Forums/ShowPost.aspx?tabindex=1&PostID=448565

http://weblogs.asp.net/pwilson/archive/2004/02/02/66155.aspx

As I said above, I receive a lot of questions as to how I made this work.  For that answer, read How I Made Windows Authentication and Forms Authentication Work Together

Sponsor