Never really done anything like this before.
Client has a number of web apps hosted internally that they want to expose to external clients over the internet.
This will be via an ASP.Net MVC portal application (which is where I come in). Portal will use forms authentication & user will get a windows identity once authenticated (forms user name = domain\username) as the internal web apps all use windows authentication. This is the only acceptable model so thin client technology with VPN or using forms authentication across the board is out.
So far so good but as soon as a user clicks a link to one of these web apps, everything is done in the context of that user's web browser which means nothing to the target app so a 404 error is returned (presumably trying to access as anonymous user).
I was thinking that instead of a direct link to the target app, the link instead could be a link to an action method on the MVC portal app and the request made under the context of the user's windows id via some kind of proxy class (using HTTPWebRequest). That would work but all the html that gets served up will inevitably be full of relative links to resources etc which will have no context in the scenario of being served up to some remote user's web browser. Again, I could rewrite all these uris and redirect to the portal app and have it make the requests in the same way as the original page was served up but that's a hell of a lot of hoops to jump through just to get this working (though there's an IIS url rewrite module that looks pretty good if it does what it says it does).
Am I making a rod for my own back here? Can't help feeling there must be an easier way of doing it other than this.
Client has a number of web apps hosted internally that they want to expose to external clients over the internet.
This will be via an ASP.Net MVC portal application (which is where I come in). Portal will use forms authentication & user will get a windows identity once authenticated (forms user name = domain\username) as the internal web apps all use windows authentication. This is the only acceptable model so thin client technology with VPN or using forms authentication across the board is out.
So far so good but as soon as a user clicks a link to one of these web apps, everything is done in the context of that user's web browser which means nothing to the target app so a 404 error is returned (presumably trying to access as anonymous user).
I was thinking that instead of a direct link to the target app, the link instead could be a link to an action method on the MVC portal app and the request made under the context of the user's windows id via some kind of proxy class (using HTTPWebRequest). That would work but all the html that gets served up will inevitably be full of relative links to resources etc which will have no context in the scenario of being served up to some remote user's web browser. Again, I could rewrite all these uris and redirect to the portal app and have it make the requests in the same way as the original page was served up but that's a hell of a lot of hoops to jump through just to get this working (though there's an IIS url rewrite module that looks pretty good if it does what it says it does).
Am I making a rod for my own back here? Can't help feeling there must be an easier way of doing it other than this.
Comment