MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

MOSS 2007 - Auto-Login into an Anonymous Site with an AD User Account

  Date: Oct 13    Category: MOSS    Views: 2154

I have a situation where I have a moss 2007 site with anonymous access.
Based on a parameter that is being passed to the site in a querystring, I need
to log the user into the site with an AD account automatically via code. Is
there a good way to do this? I was thinking maybe impersonation is the best way
to go? Any suggestions would be appreciated.



11 Answers Found

Answer #1    Answered On: Oct 13    

Seems like a lot of work.

Why would you create site, allow anonymous access and then log them in using an
AD account?

Why not just let them access the SharePoint resources as needed?

Answer #2    Answered On: Oct 13    

Yes, I agree. Unfortunately, I am walking into a situation that I cannot
change. The system was setup before me and they are having external users
authenticate against another system and then redirected to the MOSS 2007 site
with anonymous access. Why not use FBA, you ask? They just didn't. So now they
want to filter data on the site using audiences. I need to know who the user is
to do this. There will be 5 generic users, not everyone receives their own
login. Based on a parameter that is passed to the site from the system they
originally authenticated in, I will will know what generic user they need to log
in as or impersonate. I just don't know how to auto-log into the site as that
domain user. Thanks!

Answer #3    Answered On: Oct 13    

If a user authenticates against another system, how does the system know which
generic user to use? Or is that what you are trying to figure out?

(The powers that be do understand that audiences provide no security?)

You may want to

or this product from Metalogix:

Answer #4    Answered On: Oct 13    

When the user logs into the other system, there is a parameter that gets
attached to a querystring that is passed to the MOSS system. Based on that
parameter, I will know what region that user belongs to. Then I need to log in
that "anonymous" user with the appropriate generic AD login.

Yes, they know that audiences are not security. They are looking to taylor the
content by region.

Answer #5    Answered On: Oct 13    

If you have a querystring available, it might be easier to just apply
filter(s) based on the querystring rather than trying to do the

Answer #6    Answered On: Oct 13    

That's definitely an idea I will look into! Thank you!
How would you handle displaying and hiding certain web parts using a querystring
instead of the audience?

Answer #7    Answered On: Oct 13    

Unfortunately after some looking...I don't think that will meet my requirement
either. I need the user to be automatically logged in with the generic AD
account. Is there any way to automatically log a generic AD account into MOSS

I have created a test web app that will authenticate the test user against AD.
I was thinking that I could do a response.redirect after being authenticated as
the generic user but MOSS doesn't do anything but open the site with anonymous
access. Is it possible to open the MOSS site as the generic user? I really
appreciate the help...I'm in a bit of a pickle with this problem.

Answer #8    Answered On: Oct 13    
Answer #9    Answered On: Oct 13    

I have been looking at impersonation. I understand the sites that
you listed...the part I am confused on is how do you log into the site as the
impersonated user? I can run the console app and see that my impersonation is
working but I don't understand how to actually open the MOSS site as the
impersonated user?

Answer #10    Answered On: Oct 13    

The bottom line is you cannot easily login programmatically to the site
itself as a another user. You can add code to individual pages and/or
web parts to do impersonation or use something like SharePoint SSO
within the scope of that specific piece of code. The only "site" level
impersonation available in SharePoint is the "Sign in as" functionality
from the drop down menu, but that needs to actually be done by the user.
You might be able to do what you ask using a separate reverse proxy to
identify the user and provide the "generic" authentication credentials,
but that would also require custom code.

Answer #11    Answered On: Oct 13    

Why don't you just use target the users AD group with the audience?
(use an existing one or create a new one)
If you add a new employee to the correct group he would get the correct