SharePoint 2010 automatic sign-in with mixed authentication

SharePoint 2010 comes with a nice new feature that aims to solve this problem: Mixed Authentication. It allows for the configuration of multiple authentication providers (Windows authentication, forms authentication, trusted Identity providers) together using the same url, without having to extend the web application. Both external and internal users would access the web site on for example.

By default the user has to choose the authentication method when upon logging in.
While this is very nice, and a great improvement over the previous version, the downside is that there is no more transparent authentication in an intranet environment.
With the correct browser settings is it possible to log on automatically when using windows authentication.

In Internet Explorer it can be configured in the security settings of the Local Intranet zone. These settings can also be pushed through group policies.

If the intranet is configured correctly, or “detected automatically”, all login attempts will transparently use the windows identity.
Each time a user tries to access the intranet, each time he tries to open a document stored on the intranet, he gets the same login popup.

In an intranet environment, this is simply unacceptable.


This project aims to solve this issue


You get automatic selection of the right authentication provider based on IP address mapping.
When using Windows Authentication for an intranet environment this brings back transparent authentication based on the Windows credentials.

  • Transparent sign-in with Windows Authentication, when using multiple authentication providers. No more '
  • Support for IPv6
  • Map IP addresses to an authentication provider
  • Wildcard mapping
  • Configuration through Powershell


The solution consists of two parts

  • A custom PowerShell snap-in that is used to manage the mappings between IP addresses and authentication providers. The mapping is stored in the Hierarchical Object Store, on the level of the Web Application.
  • A custom sign-in page. When the custom sign-in page is loaded it will first check the IP address of the user. Then it will check if the address is mapped to an authentication provider. If it is mapped, the user will be redirected to the sign-in page of that provider. In other words, if the mapping is found the “Select the credentials you want to use to logon to the SharePoint site” step of the sign in process is automated.


You can visit our project page on CodePlex

Free tools Free tools

Op 09/07/2010 door Orbit One

blog comments powered by Disqus