2/12/2014 3:22:11 AM
RE:Override/Relogin Windows Authentication
finally and after reading a lot about IIS authentication on the web I got it working using this approach:
On the site, I enabled Anonymous+Forms Authentication and redirected to a custom winlogon.aspx. I enabled Windows Auth for just this file (ignoring the IIS warning). In the code behind I fetch the windows user from LOGON_USER and redirect immediately to a custom Forms Authentication page I cloned from Kentico's default Form Auth, providing the username as a query parameter.
In my custom Forms Auth I check the name against the DB and authenticate the User or show a regular login page.
Also I had to catch and store the returnUrl in global.asax before it got lost in the redirection process and apply it in my custom logon.aspx again.
Because the site runs with Forms Authentication I'm able to use the default mechanism to override that login and authenticate another Kentico-User. On Logout my windows user is logged in automatically again.
So, assuming a matching Kentico user in place, I always have a user logged in to the CMS. Exactly what I was after, mission accomplished ;)