authentication - what is being used

Stephanie Stowe

I am new to ASP.NET having come from ASP classic background. I need to
understand authentication. I have a server running IIS which contains an
ASP.NET app. On IIS the app has both anonymous and Windows Integrated
Authentication enabled. In the ASP.NET app, the web.config file contains

<authenticati on mode="Windows" />

The help on this element says of this setting

Specifies Windows authentication as the default authentication mode. Use
this mode when using any form of Microsoft Internet Information Services
(IIS) authentication: Basic, Digest, Integrated Windows authentication
(NTLM/Kerberos), or certificates.

A user running IE6 (which is all of our users) also has User Authentication
settings in IE from which one might choose Anonymous, Automatic logon only
in Intranet zone, Automatic logon with current user name and password and
Prompt for user name and password.

I am trying to determine which set of credentials are being used when a
customer logs into the site. The only thing I do not know (and cannot know
until 11:30 or so when west coast shows up) is exactly what the IE
authentication settings are. The site is in the IntERnet zone. And I *think*
that they have Automatic logon only in Intranet zone.

My question is, with all these settings in different places, how is the
actual set of credentials determined?

Thanks!

Nov 18 '05 #1

Subscribe Reply

2493

Teemu Keiski

It's the set of credentials that the IIS has access to (the ones the web
server knows about). So if client and server share same server (e.g domain
etc) , then they could have common user dbs in the sae domain or trusted
zone, then user's logon detals on his/her desktop could be recognized at the
web application (and no extra logon would be required)

Here is more information about Windows Authentication in this guide:

(Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication)
http://msdn.microsoft.com/library/de...cnetlpmsdn.asp

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke
"Stephanie Stowe" <No****@IWishIC ould.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..

I am new to ASP.NET having come from ASP classic background. I need to
understand authentication. I have a server running IIS which contains an
ASP.NET app. On IIS the app has both anonymous and Windows Integrated
Authentication enabled. In the ASP.NET app, the web.config file contains

<authenticati on mode="Windows" />

The help on this element says of this setting

Specifies Windows authentication as the default authentication mode. Use
this mode when using any form of Microsoft Internet Information Services
(IIS) authentication: Basic, Digest, Integrated Windows authentication
(NTLM/Kerberos), or certificates.

A user running IE6 (which is all of our users) also has User Authentication settings in IE from which one might choose Anonymous, Automatic logon only
in Intranet zone, Automatic logon with current user name and password and
Prompt for user name and password.

I am trying to determine which set of credentials are being used when a
customer logs into the site. The only thing I do not know (and cannot know
until 11:30 or so when west coast shows up) is exactly what the IE
authentication settings are. The site is in the IntERnet zone. And I *think* that they have Automatic logon only in Intranet zone.

My question is, with all these settings in different places, how is the
actual set of credentials determined?

Thanks!

Nov 18 '05 #2

bruce barker

when IIS responds with a authenication required response, it sends a list
(based on how you configured the website) of all authenication protocols it
will accept, in order of preference. the browser is free to pick any it
likes.

typically IE, if nt c/r is available and the host is trusted the browser
will send the users current logon credentials.

-- bruce (sqlwork.com)

"Stephanie Stowe" <No****@IWishIC ould.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..

I am new to ASP.NET having come from ASP classic background. I need to
understand authentication. I have a server running IIS which contains an
ASP.NET app. On IIS the app has both anonymous and Windows Integrated
Authentication enabled. In the ASP.NET app, the web.config file contains

<authenticati on mode="Windows" />

The help on this element says of this setting

Specifies Windows authentication as the default authentication mode. Use
this mode when using any form of Microsoft Internet Information Services
(IIS) authentication: Basic, Digest, Integrated Windows authentication
(NTLM/Kerberos), or certificates.

A user running IE6 (which is all of our users) also has User Authentication settings in IE from which one might choose Anonymous, Automatic logon only
in Intranet zone, Automatic logon with current user name and password and
Prompt for user name and password.

I am trying to determine which set of credentials are being used when a
customer logs into the site. The only thing I do not know (and cannot know
until 11:30 or so when west coast shows up) is exactly what the IE
authentication settings are. The site is in the IntERnet zone. And I *think* that they have Automatic logon only in Intranet zone.

My question is, with all these settings in different places, how is the
actual set of credentials determined?

Thanks!

Nov 18 '05 #3

Scott Allen

Hi Stephanie:

In addition to other's comments, there is an ASP.NET Identity Matrix
on MSDN which might help:
http://msdn.microsoft.com/library/de...SecNetAP05.asp

--
Scott
http://www.OdeToCode.com/

On Wed, 29 Sep 2004 09:27:58 -0400, "Stephanie Stowe"
<No****@IWishIC ould.com> wrote:

I am new to ASP.NET having come from ASP classic background. I need to
understand authentication. I have a server running IIS which contains an
ASP.NET app. On IIS the app has both anonymous and Windows Integrated
Authenticati on enabled. In the ASP.NET app, the web.config file contains

<authenticatio n mode="Windows" />

The help on this element says of this setting

Specifies Windows authentication as the default authentication mode. Use
this mode when using any form of Microsoft Internet Information Services
(IIS) authentication: Basic, Digest, Integrated Windows authentication
(NTLM/Kerberos), or certificates.

A user running IE6 (which is all of our users) also has User Authentication
settings in IE from which one might choose Anonymous, Automatic logon only
in Intranet zone, Automatic logon with current user name and password and
Prompt for user name and password.

I am trying to determine which set of credentials are being used when a
customer logs into the site. The only thing I do not know (and cannot know
until 11:30 or so when west coast shows up) is exactly what the IE
authenticati on settings are. The site is in the IntERnet zone. And I *think*
that they have Automatic logon only in Intranet zone.

My question is, with all these settings in different places, how is the
actual set of credentials determined?

Thanks!

Nov 18 '05 #4

Similar topics

9276

HTTP - basic authentication example.

by: Michael Foord | last post by:

#!/usr/bin/python -u # 15-09-04 # v1.0.0 # auth_example.py # A simple script manually demonstrating basic authentication. # Copyright Michael Foord # Free to use, modify and relicense. # No warranty express or implied for the accuracy, fitness to purpose

Python

3692

Windows authentication

by: Bob Everland | last post by:

I have an application that is ISAPI and the only way to secure it is through NT permissions. I need to have a way to login to windows authentication so that when I get to the ISAPI application no boxes come up. I want an ASP page to sit between the user and the ISAPI application. The rest of my application is using authentication that is database driven and wouldn't want the users to know the userid and password. Is this possible? If so...

ASP / Active Server Pages

4217

ASP.NET Forms Authentication Best Practices

by: Anonieko Ramos | last post by:

ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET Applications and owner of Access Microsystems. Doug can be reached at doug@accessmicrosystems.com. --------------------------------------------------------------------------------

ASP.NET

7739

authentication mode error

by: Joe | last post by:

What I want to do is make only one page require a login. The application itself works fine. I'm getting the following error: Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. Source Error:

ASP.NET

3402

Sun Java System Directory Server Authentication

by: troywalker | last post by:

I am new to LDAP and Directory Services, and I have a project that requires me to authenticate users against a Sun Java System Directory Server in order to access the application. I have found dozens of examples of how to authenticate users against Active Directory, but AD seems to be a different animal than Sun Java System Directory Server. Could someone provide me with an example of how to authenticate a user against a Directory...

C# / C Sharp

13786

About the web service using Integrated windows authentication

by: =?Utf-8?B?RGFuZGFuIFpoYW5n?= | last post by:

Now I have a web application, a web service and a SQL Server database. The Web application will invoke the web service, the web service invokes the SQL Server stored procedure. I let the web service run in an application pool which runs under a domain user, this domain user has permissions of accessing database and the connection to database is trusted connection. All these work well. The web application will be used in internet (not...

.NET Framework

7568

NTLM authentication

by: webrod | last post by:

Dear All, let's say I have a web service. I would like to authenticate users who try to access it. I am on a winnt server so I will have to use NTLM but I don't want to use IIS settings. Is there a way to authenticate a user using WSE 3.0 against NTLM?? All the samples I have found on the web provide a solution based on

C# / C Sharp

7510

client authentication

by: Frank Swarbrick | last post by:

I am trying to understand "client authentication" works. My environment is DB2/UDB LUW 8.2 on zSeries SLES9 as the database server and DB2 for VSE 7.4 as the client. We currently have DB2/LUW set up as follows: Client Userid-Password Plugin (CLNT_PW_PLUGIN) = Client Kerberos Plugin (CLNT_KRB_PLUGIN) = Group Plugin (GROUP_PLUGIN) = GSS Plugin for Local Authorization ...

DB2 Database

3545

Forms Authentication vs MembershipProvider

by: Rory Becker | last post by:

Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the creation of content which adjusts based on the user. I have several pages which require a user to be logged on and several which do not. Prior to this point in time I have used 2 different master pages. one with a control which checks a session...

ASP.NET

8268

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8202

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8641

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8366

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8510

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7199

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

5575

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4202

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

1512

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General