Forms and WIndows based Authentication

For Intranet applications I've done where I want to use NTLM I've done the following:

1. Create a web application which uses Forms authentication.
   
2. Set the loginUrl attribute of the forms element to "AutoLogon/AutoLogon.aspx" and set the .
   
3. Create a virtual folder beneath the we app called AutoLogon which is itself an application.
   
4. Set the AutoLogon web.config to use the settings you describe above.
   
5. Add the following (simplified) code to the page AutoLogon.aspx IPrincipal ip = HttpContext.Current.User; IIdentity id = ip.Identity; FormsAuthentication.Initialize(); FormsAuthentication.SetAuthCookie(id.Name, false); HttpContext.Current.Response.Redirect("../", false); What this gives you is all combination of NTLM authentication without having to authenticate every page using NTLM as you can rely on the forms authentication scheme. You can also easily tie together a custom authorisation scheme with NT/Active Directory groups.

ScottGu's Blog : Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application

technorati tags:asp.net, Security