Using Windows Authentication in ASP

John wrote:

I am creating an application that I would like to have the user type
in their User ID, password and domain, and it do Windows
Authentication to verify they are a valid user. Can someone provide
me with any assistance on this by sample code, or a pointer to a site
that goes over this? Thanks.

JR

No code is required for this. Just turn on Windows Authentication and shut
off Anonymous access in your website properties using IIS Manager.

Bob Barrows

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Don't think this is usable as I noticed I left off a piece of the
picture. I want to do a two part authentication. First they are
authenticated against the domain, and then second of course, it checks
to see in a table in the application if the user exists and if they
are active. I need something that can check what they type in is
valid, regardless of if they are physically on the domain or not and
have it pass back a 1 or 0 if the Windows Authentication was valid.
Then check in the application to also see if this user is value. May
do it the other way around since checking Windows Authentication if
the username they type in is not even in the application is really
pointless.

JR

"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message news:<uK**************@TK2MSFTNGP15.phx.gbl>...

John wrote:

I am creating an application that I would like to have the user type
in their User ID, password and domain, and it do Windows
Authentication to verify they are a valid user. Can someone provide
me with any assistance on this by sample code, or a pointer to a site
that goes over this? Thanks.

JR

No code is required for this. Just turn on Windows Authentication and shut
off Anonymous access in your website properties using IIS Manager.

Bob Barrows

John wrote:

Don't think this is usable as I noticed I left off a piece of the
picture. I want to do a two part authentication. First they are
authenticated against the domain, and then second of course, it checks
to see in a table in the application if the user exists and if they
are active. I need something that can check what they type in is
valid, regardless of if they are physically on the domain or not and
have it pass back a 1 or 0 if the Windows Authentication was valid.

I don't know of a way to do both. You're either doing Windows
Authentication, in which case users MUST have domain accounts, or you're
doing Basic authentication. They're pretty much mutually exclusive.

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

I was hoping there would be physical code that could do Windows
Authentication rather than relying directly on IIS. I want the user
to have to type in their username and password as in the event that
someone leaves their computer unlocked, someone could open a browser
and go to the site. Leaving out the second part of my security model,
is there any physical code that could be executed to use Windows
Authentication?

Thanks.

JR

"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message news:<eZ**************@TK2MSFTNGP09.phx.gbl>...

John wrote:

Don't think this is usable as I noticed I left off a piece of the
picture. I want to do a two part authentication. First they are
authenticated against the domain, and then second of course, it checks
to see in a table in the application if the user exists and if they
are active. I need something that can check what they type in is
valid, regardless of if they are physically on the domain or not and
have it pass back a 1 or 0 if the Windows Authentication was valid.

I don't know of a way to do both. You're either doing Windows
Authentication, in which case users MUST have domain accounts, or you're
doing Basic authentication. They're pretty much mutually exclusive.

..NET includes Form Authentication

"John" <jr*****@yahoo.com> wrote in message
news:e6**************************@posting.google.c om...

I was hoping there would be physical code that could do Windows
Authentication rather than relying directly on IIS. I want the user
to have to type in their username and password as in the event that
someone leaves their computer unlocked, someone could open a browser
and go to the site. Leaving out the second part of my security model,
is there any physical code that could be executed to use Windows
Authentication?

Thanks.

JR

"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message

news:<eZ**************@TK2MSFTNGP09.phx.gbl>...

John wrote:

Don't think this is usable as I noticed I left off a piece of the
picture. I want to do a two part authentication. First they are
authenticated against the domain, and then second of course, it checks
to see in a table in the application if the user exists and if they
are active. I need something that can check what they type in is
valid, regardless of if they are physically on the domain or not and
have it pass back a 1 or 0 if the Windows Authentication was valid.

I don't know of a way to do both. You're either doing Windows
Authentication, in which case users MUST have domain accounts, or you're
doing Basic authentication. They're pretty much mutually exclusive.