by ZebSadiq
8. April 2010 01:38
In some cases, one of the requirements of a SharePoint project is to provide two versions of the same SharePoint site. One with 'forms' authentication where the users information is stored in a database and the other with 'windows' authentication where the user is authenticated via the active directory. Though its easy to deal with each of these scenarios by writing separate pieces of code, it is not going to as quick as using the out of the box functionality provided by SharePoint 2007.
If you're in a situation where the SharePoint site that you're trying to develop needs to cater for both forms authenticated and windows authenticated situations, you may be puzzled about how to provide both kinds of authentication with the same piece of code. You cannot 'windows authenticate' a user via a custom form.
Luckily, SharePoint 2007 provides a way to get round this issue. As long as the web.config of the SharePoint site is configured correctly, calling the '/_layouts/authenticate.aspx' page will most likely give you what you're looking for.
In the case of windows authentication applied to the SharePoint site, the authenticate.aspx page will prompt the user with the standard windows login dialog box (if the user logged onto the machine does not have permissions to the site).
However, if the authentication mode is set to 'forms', the user will be redirected to the loginUrl that you define in the authentication tags. Bellow is an example.
<authentication mode="Forms">
<forms loginUrl="/pages/login.aspx" defaultUrl="/pages/default.aspx" />
</authentication>
Redirecting the user to the authenticate.aspx is good because it ensures that you're using out of the box functionality and therefore saving time and money on your project.
I've not found an out of box way to log the user out. The out of the box SharePoint menu's at the top of the page provide a method for the user to log out which works for the windows authenticated mode. However if you wish to log the forms authenticated user out, I would recommend writing a custom control with the following as the page load method:
protected void Page_Load(object sender, EventArgs e)
{
if ((Page.User.Identity.IsAuthenticated) && (Page.User.Identity.AuthenticationType.ToLower() == "forms"))
{
FormsAuthentication.SignOut();
Response.Redirect("Insert direction URL");
}
}
Then you can put this control onto the page layout or even a stand alone aspx page where the user can be redirected to be logged out. Remember that redirecting the user again after calling the SignOut() method is important since the page needs to be refreshed for other controls to render the user as being logged out.