One of the queries we most often receive from InstantForum.NET & InstantKB.NET users of our Active Directory Module is "How can I bypass the login step altogether and use my Active Directory/Windows credentials to authenticate to the system?" This is a feature we spent a lot of time on in the development of our LDAP module, and this article will hopefully shed some light on how to configure it.

Client Configuration

Firstly, note that all clients must have their browsers configured to enable Integrated Windows Authentication. Without this, the browser will not send your existing credentials to the server for validation. To enable this in Internet Explorer, go to Tools -> Internet Options -> Advanced and ensure the option 'Enable Integrated Windows Authentication' in the "Security" area of the tree is checked.

Server Configuration

The LDAP module adds a page to the KB, "WinLogin.aspx", which handles all seamless logins. This page takes the passed Windows credentials and feeds them into the LDAP module, which then processes authentication and uses several verification/safety steps to ensure that the system is not compromised.

It is vital that any client attempting this is already authenticated to the relevant Active Directory domain. If they are not, you will need to trigger this at the server level. Ways to do this vary between IIS 5.0, 6.0 and 7.0; the most common is to set your IIS Security settings to require Windows Authentication to access WinLogin.aspx.

IMPORTANT: Ensure WinLogin.aspx is set as your default document within IIS so this loads as the first page when you request your application folder.
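
One way to check both server-side requirements above on IIS 7 (Windows Authentication required on WinLogin.aspx, and WinLogin.aspx as the default document), as an added example that is not part of the LDAP module or the original article. The config excerpt is constructed, and the path "Default Web Site/kb" and the function name audit_winlogin are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed IIS 7 applicationHost.config excerpt. "Default Web Site/kb" is an
# assumed placeholder for the site/application path of the KB install.
SAMPLE = """<configuration>
  <location path="Default Web Site/kb">
    <system.webServer>
      <defaultDocument enabled="true">
        <files><clear /><add value="WinLogin.aspx" /></files>
      </defaultDocument>
    </system.webServer>
  </location>
  <location path="Default Web Site/kb/WinLogin.aspx">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="false" />
      <windowsAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
</configuration>"""

def _flag(scope, tag):
    """Return the explicit 'enabled' value of <tag> under scope, or None if unset."""
    node = next(scope.iter(tag), None) if scope is not None else None
    return None if node is None else node.get("enabled", "").lower()

def audit_winlogin(config_xml, app_path, page="WinLogin.aspx"):
    """List what is missing for the setup the article describes ([] = all good).
    Only explicit <location> overrides are read; inherited settings are not resolved."""
    root = ET.fromstring(config_xml)
    locs = {loc.get("path", "").lower(): loc for loc in root.iter("location")}
    page_loc = locs.get(f"{app_path}/{page}".lower())
    findings = []
    if _flag(page_loc, "windowsAuthentication") != "true":
        findings.append("windows-auth-not-enabled")
    if _flag(page_loc, "anonymousAuthentication") != "false":
        findings.append("anonymous-not-disabled")
    # The first <add> under <defaultDocument> is the document IIS serves first.
    app_loc = locs.get(app_path.lower())
    doc = next(app_loc.iter("defaultDocument"), None) if app_loc is not None else None
    first = next(doc.iter("add"), None) if doc is not None else None
    if first is None or first.get("value", "").lower() != page.lower():
        findings.append("not-first-default-document")
    return findings

if __name__ == "__main__":
    print(audit_winlogin(SAMPLE, "Default Web Site/kb"))
```

An empty list means WinLogin.aspx is explicitly restricted to Windows Authentication and is served first; "anonymous-not-disabled" means IIS would serve the page without ever asking the browser for Windows credentials.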
If you wish to be automatically logged in when you are authenticated, you will need to make this page your default page. In this case, however, any non-authenticated users (if you have correctly configured Windows authentication on this file) will receive an HTTP 403.2 error 'Read Access Denied', or a 401.3 'Access forbidden' error. As such, you will need to access the custom errors tab of the website within IIS.

Alternate Windows Integrated Access Strategies

Alternatively, you can have a subdomain or some other method which deliberately points to WinLogin.aspx, exclusively for your pre-authenticated users, while everyone else uses the existing login/authentication system.

We recommend, for security reasons, that ONLY internal users use the WinLogin method, and that all external users use the provided authentication form, which may or may not authenticate via Active Directory as per your specified configuration.

Further Reading for Advanced Administrators

The most complex configuration to run is one with complete seamless Windows authentication and forms authentication side by side within the same environment. This is made difficult by the architecture of IIS and was chief among our considerations in the development of the Active Directory Module. The related links below may be of use to you when configuring Windows authentication with your installation of the AD Module.

Should you have any questions please don't hesitate to open a support ticket or contact us.