Workflow Soluiton

Hi.

My problem is:

When a user starts my workflow I want them to enter their credentials and then authenticate them with our AD domain. Instead of IIS's Windows authentication I would like to use a custom authentication form. The reason is that with IIS authentication users need to enter username in the form of DOMAIN\username. Our other systems do not ask for the domain (they fill the domain info themselves) and we want our workflows to operate the same way (in user's perspective).

Now, as the user is authenticated, a kerberos authentication token is created. Then stuff happens. Then user is forwared into another workflow in another url.
Question: can I tell the other workflow to somehow accept the kerberos authentication token so that it does not need to ask for user's credentials again?

In more detail: when a user authenticates through IIS's authentication process, he/she can easily access other IIS authentication-secured sites with a  single sign-on as long as the IIS-managed authentication token is alive. But how can this be accomplished with kerberos authentication tokens created in a workflow?

Regards,

Mike

Ps. are there demos on how authentication tokens are used in Workflow solutions?

I'll re-phrase my question:

Windows Login Component and Windows Domain Login Component are basically webforms that ask for credentials, verify those and then create an authentication token (of type ProxySecurity Token). This token can then be passed to Active Directory components. Both these components are an alternative to IIS's athentication method where IIS asks for credentials before letting the user to load the workflow.

But how can I catch the username of the logged-in user into a variable, since the previously mentioned login components do not leak the username out. I even tried to pass the username into a global variable inside the login form, but even that did not stick. And since IIS is not handling the login, Get Current User Component has no idea who is logged in. It's like nothing excapes from the Windows Domain Login Component.

The session ID is what's "leaked out" on the stream for these login components; the username and password are more than likely not leaked out for security reasons.

Hi,

this may help. - Im thinking this is what your asking for.

within the project - in my case its a workflow rather than a webform I add in a 'Dialog Workflow'

double click this. 

then go to the second tab - Interaction Setup. then first '...' on the tab. in to Dialog Model.

this opens a new embedded model.

from in here add in the Windows Domain Login Component. - put it in the flow and right click it click edit component.

in domains add in your domain/s

for now put the log in success and failure to the enddialogworkflowcomponent

then add in a ' form Builder' in line after the login success.

in the Variables bottom left of the screen there is [Global] > LastUser. tick this and drag it on to the white space and when it asks select LabelBuilder [String]

to test it and run in production you will need to set the workflow type on the Publishing tab to 'form start'

This will then when you sussesfully login show you the login name of the User currently logged in.

Passing this authentication to other forms is simple because the standard login box uses the same cookie therefore I login to one of my workflows and then flick to the other it keeps me logged in.

see the attached ( remove the .zip extension and import it)

Attachment(s)

WorkflowProject1.package.zip   1010 KB 1 version

Thanks to all, JHallam's tips proved to be helpfull.