Windows Authorization

I am trying to set up an intranet at work that will use our Active Directory
to authorize our users. We also want them to access the site from the
outside (such as at home) and also be authenticated by our Active Directory.

We don't want to set up a separate SQL setup.

I tried to set up my Web.config file like so:

**********************************************************
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />

<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />

<!-- AUTHENTICATION
This section sets the authentication policies of the application.
Possible modes are "Windows", "Forms", "Passport" and "None"
-->
<authentication mode="Windows"/>
<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access to application resources by user or role.
Wildcards: "*" mean everyone, "?" means anonymous (unauthenticated) users.
-->
<authorization>
allow users="*" />
</authorization>

<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the trace information will be displayed at the bottom
of each page. Otherwise, you can view the application trace log by
browsing the "trace.axd" page from your web application root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false"
timeout="20"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

</system.web>

</configuration>
**********************************************************

I also set the Web Application to Integrated Windows security.

But when I try to access the first page, it lets me in without asking for my
credentials.

What else do I need to do to get this to work?

Thanks,

Tom
Jun 18 '06 #1
<authorization>
allow users="*" />
</authorization>

This means: access to all users.

Change it to:

<authorization>
allow users="*" />
deny users="?" />
</authorization>

Riki


Jun 18 '06 #2
On Sun, 18 Jun 2006 09:49:57 +0200, Riki wrote:
<authorization>
allow users="*" />
</authorization>

This means: access to all users.

Change it to:

<authorization>
allow users="*" />
deny users="?" />
</authorization>
Riki


Actually, the deny should be first. The way ASP.NET does things is that it
only processes rules until it reaches one that succeeds. Since you list
allow users="*", which means allow everybody, that rule will be evaluated
first, and since this will succeed, it will not evaluate the second rule to
deny unauthenticated users.
Jun 19 '06 #3

"Erik Funkenbusch" <er**@despam-funkenbusch.com> wrote in message
news:12***************@funkenbusch.com...
On Sun, 18 Jun 2006 09:49:57 +0200, Riki wrote:
<authorization>
allow users="*" />
</authorization>

This means: access to all users.

Change it to:

<authorization>
allow users="*" />
deny users="?" />
</authorization>
Riki

Actually, the deny should be first. The way ASP.NET does things is that it
only processes rules until it reaches one that succeeds. Since you list
allow users="*", which means allow everybody, that rule will be evaluated
first, and since this will succeed, it will not evaluate the second rule to
deny unauthenticated users.


I did make the change (there was a small error where it was missing the left
angle bracket) but I am still able to get to the home page without any
logon screen from Windows.

Is there something else I need to do?

Remember, I am at home and trying to log on, so it should be asking me for a
logon.

Thanks,

Tom
Jun 19 '06 #4
On Sun, 18 Jun 2006 21:02:22 -0700, tshad wrote:
I did make the change (there was a small error where it was missing the left
angle bracket) but I am still able to get to the home page without any
logon screen from Windows.

Is there something else I need to do?

Remember, I am at home and trying to log on, so it should be asking me for a
logon.


Your web.config you posted is not valid. For example, you have a closing
</system.web> but no opening one.

It's hard to say what your problems are with incomplete information.
Jun 19 '06 #5
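
Added example, not part of any post in this thread: a small Python model of the two points raised in replies #3 and #5, namely that ASP.NET URL authorization stops at the first matching rule, and that a web.config which is not well-formed cannot be evaluated at all. The function names and sample files are constructed for illustration, and the fall-through result assumes the inherited default rule `<allow users="*"/>`.

```python
import xml.etree.ElementTree as ET

# Constructed sample files, trimmed to the relevant elements.
ALLOW_FIRST = """<configuration><system.web>
  <authentication mode="Windows"/>
  <authorization>
    <allow users="*"/>
    <deny users="?"/>
  </authorization>
</system.web></configuration>"""

DENY_FIRST = """<configuration><system.web>
  <authentication mode="Windows"/>
  <authorization>
    <deny users="?"/>
    <allow users="*"/>
  </authorization>
</system.web></configuration>"""

# Closing </system.web> with no opening tag, the defect pointed out in reply #5.
MISSING_OPEN = """<configuration>
  <authentication mode="Windows"/>
  <authorization><deny users="?"/></authorization>
</system.web></configuration>"""


def load_rules(config_text):
    """Return the ordered (action, users) rules under system.web/authorization.

    Raises ValueError when the file is not well-formed XML.
    """
    try:
        root = ET.fromstring(config_text)
    except ET.ParseError as exc:
        raise ValueError(f"web.config is not well-formed: {exc}") from exc
    sysweb = next((c for c in root if c.tag == "system.web"), None)
    if sysweb is None:
        return []
    authz = next((c for c in sysweb if c.tag == "authorization"), None)
    if authz is None:
        return []
    rules = []
    for el in authz:
        if el.tag in ("allow", "deny"):
            users = [u.strip() for u in el.get("users", "").split(",") if u.strip()]
            rules.append((el.tag, users))
    return rules


def is_allowed(rules, user):
    """Model first-match evaluation. user=None stands for an anonymous request."""
    for action, users in rules:
        for pattern in users:
            matches = (
                pattern == "*"                      # everyone
                or (pattern == "?" and user is None)  # anonymous only
                or (user is not None and pattern.lower() == user.lower())
            )
            if matches:
                return action == "allow"  # first matching rule decides
    # Assumption: no local rule matched, so the inherited <allow users="*"/> applies.
    return True


def audit(config_text):
    """Summarise what an anonymous visitor would get under this file."""
    try:
        rules = load_rules(config_text)
    except ValueError:
        return "malformed"
    return "anonymous allowed" if is_allowed(rules, None) else "anonymous denied"


if __name__ == "__main__":
    for name, text in [("allow first", ALLOW_FIRST),
                       ("deny first", DENY_FIRST),
                       ("missing <system.web>", MISSING_OPEN)]:
        print(f"{name}: {audit(text)}")
```
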
How are you testing, with IIS or with the Cassini webserver from VS2005?
The latter will use the credentials of the logged on user for running
ASP.NET.

--

Riki

Jun 19 '06 #6
"Riki" <ri**@dontnagme.com> wrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
How are you testing, with IIS or with the Cassini webserver from VS2005?
The latter will use the credentials of the logged on user for running
ASP.NET.
I am running from IIS on the Windows 2003 Web Server Edition.

Tom
Jun 19 '06 #7
On Mon, 19 Jun 2006 06:32:46 -0700, tshad wrote:
"Riki" <ri**@dontnagme.com> wrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
How are you testing, with IIS or with the Cassini webserver from VS2005?
The latter will use the credentials of the logged on user for running
ASP.NET.


I am running from IIS on the Windows 2003 Web Server Edition.


Is the web server a member of the domain?
Jun 19 '06 #8
"Erik Funkenbusch" <er**@despam-funkenbusch.com> wrote in message
news:1m****************@funkenbusch.com...
On Sun, 18 Jun 2006 21:02:22 -0700, tshad wrote:
I did make the change (there was a small error where it was missing the left
angle bracket) but I am still able to get to the home page without any
logon screen from Windows.

Is there something else I need to do?

Remember, I am at home and trying to log on, so it should be asking me for a
logon.


Your web.config you posted is not valid. For example, you have a closing
</system.web> but no opening one.

It's hard to say what your problems are with incomplete information.


You're right.

Not sure why I missed that.

It now asks for authentication outside and inside. But there are a couple
of anomalies.

One is that it doesn't ask for the logon on the home page, but it does for
all the other pages. They are all in the same root folder. The home page
is index.htm and not index.aspx - is this the reason?

On the inside (at work) we are already logged onto the network, but it still
asks us to log on.

The other problem is that I and a couple others only have to put in our
logon names and others have to put in the Domain/logon.

Not sure why that is. I can log in outside and inside without the Domain.

Also, for those that try to login and cannot, they get back the website name
as the Domain (which I assume is why their logon fails -
intranet.ft.com/jfranks). But if they put in the actual domain
(ft0/jfranks), it works fine.

Thanks,

Tom
Jun 19 '06 #9

"Erik Funkenbusch" <er**@despam-funkenbusch.com> wrote in message
news:kl**************@funkenbusch.com...
On Mon, 19 Jun 2006 06:32:46 -0700, tshad wrote:
"Riki" <ri**@dontnagme.com> wrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
How are you testing, with IIS or with the Cassini webserver from VS2005?
The latter will use the credentials of the logged on user for running
ASP.NET.


I am running from IIS on the Windows 2003 Web Server Edition.


Is the web server a member of the domain?


Yes.

As I mentioned in my other post a couple of minutes ago, I was missing the
<system.web>, which fixed that problem.

It is part of the Domain. And some can connect without putting in the
domain name and some people have to put the domain name in.

The Domain is (either ft0 or ft.com) and both allow users to log on. But if
a person is not able to log on, it redisplays as intranet.ft.com\jfranks
(which is intranet domain\logon). They then need to put in ft.com\jfranks
or ft0\jfranks to log on.

Tom
Jun 19 '06 #10
