Yes, you can use these guidelines, with some care.

Basically, on ASP.NET 4.x, WebSharper's own context.UserSession is implemented in terms of Forms authentication, so it will not interface with Windows authentication. Instead, you need to drop to the underlying HttpContext. For example:

1
2
3
4
5
6
7
8
9
10
11
12
13

open System.Web
open WebSharper
open WebSharper.Web

[<Rpc>]
let ctx = Remoting.GetContext()
let httpCtx = ctx.Environment.["HttpContext"] :?> HttpContextBase
async {
match httpCtx.User with
| null -> return None
| user -> return Some user.Identity.Name
}

It would be quite nice, though, to add the ability to provide an alternative implementation of UserSession via some form of IoC.

By on 3/20/2018 9:26 AM ()

Thank you very much! I kindly ask you a suggestion. I've read that

Microsoft makes use of the proprietary NTLanMan (NTLM) authentication scheme for HTTP to provide integrated authentication to IIS web servers. This authentication mechanism allows clients to access resources using their Windows credentials and is typically used within corporate environments to provide single sign-on functionality to intranet sites.

Now I should build an application also on the internet, not only on intranet. Which is the typical (and safe enough) authentication mechanism for internet users? Opening an account in a domain group for them? In particular what's more suitable for a project with WebSharper. You mentioned form authentication: is it a simple password plus https? What's your advice?

By on 3/20/2018 12:18 PM ()