Tuesday, December 01, 2009

Trials and tribulations of windows authentication

Windows authentication can be both a blessing and a curse when it comes to developing an intranet based application. From the users perspective, they can use their standard PC login to access the application - functionality which is seamless when using internet explorer. From a developers perspective, you can rely on the network to provide authentication to the various systems that you are integrating, such as databases, reporting services, etc.

Unfortunately, often times passing windows credentials around breaks down, specifically when you begin to grant access to your application outside of the intranet via SSL or perhaps port your application over to using forms authentication, such as we have done recently.

The specific problem I needed to address today was with UniPhi's automated .pdf generation when emailing a document. Windows authentication credentials were not being passed through to the page that renders the pdf attachment when the end user was accessing the application via SSL. The possible solutions provided by a google search were many and varied, several stating that passing through the credentials was unsupported. In the end the solution to the problem was simple - don't pass credentials at all, move the pdf generation to a library rather than calling the asp.net page directly.

It usually pays to sleep on a problem such as this, let the solution come to you.

No comments: