I am trying to set up an intranet at work that will use our Active directory
to authorize our users. We also want them to access the site from the
outside (such as at home) and also be authenticated by our Active Directory.
We don't want to set up a separate Sql setup.
I tried to set up my Web.config file like so:
*************** *************** *************** *************
<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file that
executes
more slowly, you should set this value to true only when debugging
and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage ="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly " to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application.
Possible modes are "Windows",
"Forms", "Passport" and "None"
-->
<authenticati on mode="Windows"/>
<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticate d) users.
-->
<authorizatio n>
allow users="*" />
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="tru e", the
trace information will be displayed at the bottom of each page.
Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your
web application
root.
-->
<trace enabled="false" requestLimit="1 0" pageOutput="fal se"
traceMode="Sort ByTime" localOnly="true " />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="tru e".
-->
<sessionState
mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424"
sqlConnectionSt ring="data source=127.0.0. 1;user id=sa;password= "
cookieless="fal se"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8" />
</system.web>
</configuration>
*************** *************** *************** **************
I also set the Web Application to Integrated Windows security.
But when I try to access first page, it lets me without asking my
credentials.
What else do I need to do to get this to work?
Thanks,
Tom 14 1789
<authorizatio n>
allow users="*" />
</authorization>
This means: access to all users.
Change it to:
<authorizatio n>
allow users="*" />
deny users="?" />
</authorization>
Riki
tshad wrote: I am trying to set up an intranet at work that will use our Active directory to authorize our users. We also want them to access the site from the outside (such as at home) and also be authenticated by our Active Directory.
We don't want to set up a separate Sql setup.
I tried to set up my Web.config file like so:
*************** *************** *************** ************* <?xml version="1.0" encoding="utf-8" ?> <configuratio n>
<!-- DYNAMIC DEBUG COMPILATION Set compilation debug="true" to insert debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times. For more information, refer to the documentation about debugging ASP.NET files. --> <compilation defaultLanguage ="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES Set customErrors mode="On" or "RemoteOnly " to enable custom error messages, "Off" to disable. Add <error> tags for each of the errors you want to handle. --> <customErrors mode="Off" />
<!-- AUTHENTICATION This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None" --> <authenticati on mode="Windows"/>
<!-- AUTHORIZATION This section sets the authorization policies of the application. You can allow or deny access to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous (unauthenticate d) users. --> <authorizatio n> allow users="*" /> </authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every page within an application. Set trace enabled="true" to enable application trace logging. If pageOutput="tru e", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from your web application root. --> <trace enabled="false" requestLimit="1 0" pageOutput="fal se" traceMode="Sort ByTime" localOnly="true " />
<!-- SESSION STATE SETTINGS By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="tru e". --> <sessionState mode="InProc" stateConnection String="tcpip=1 27.0.0.1:42424" sqlConnectionSt ring="data source=127.0.0. 1;user id=sa;password= " cookieless="fal se" timeout="20" />
<!-- GLOBALIZATION This section sets the globalization settings of the application. --> <globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8" />
</system.web>
</configuration> *************** *************** *************** **************
I also set the Web Application to Integrated Windows security.
But when I try to access first page, it lets me without asking my credentials.
What else do I need to do to get this to work?
Thanks,
Tom
On Sun, 18 Jun 2006 09:49:57 +0200, Riki wrote: <authorizatio n> allow users="*" /> </authorization>
This means: access to all users.
Change it to:
<authorizatio n> allow users="*" /> deny users="?" /> </authorization> Riki
Actually, the deny should be first. The way ASP.NET does things is that it
only processes rules until it reaches one that succeeds. Since you list
allow users="*", which means allow everybody, that rule will be evaluated
first, and since this will succeed, it will not evaluate the second rule to
deny unauthenticated users.
"Erik Funkenbusch" <er**@despam-funkenbusch.com > wrote in message
news:12******** *******@funkenb usch.com... On Sun, 18 Jun 2006 09:49:57 +0200, Riki wrote:
<authorizatio n> allow users="*" /> </authorization>
This means: access to all users.
Change it to:
<authorizatio n> allow users="*" /> deny users="?" /> </authorization> Riki Actually, the deny should be first. The way ASP.NET does things is that
it only processes rules until it reaches one that succeeds. Since you list allow users="*", which means allow everybody, that rule will be evaluated first, and since this will succeed, it will not evaluate the second rule
to deny unauthenticated users.
I did make the change (there was a small error where is was missing the left
angle bracket) but I am still able to get to the home page with out any
logon screen from windows.
Is there something else I need to do?
Remember, I am at home and trying to log on, so it should be asking be for a
logon.
Thanks,
Tom
On Sun, 18 Jun 2006 21:02:22 -0700, tshad wrote: I did make the change (there was a small error where is was missing the left angle bracket) but I am still able to get to the home page with out any logon screen from windows.
Is there something else I need to do?
Remember, I am at home and trying to log on, so it should be asking be for a logon.
Your web.config you posted is not valid. For example, you have a closing
</system.web> but no opening one.
It's hard to say what your problems are with incomplete information.
How are you testing, with IIS or with the Cassini webserver from VS2005?
The latter will use the credentials of the logged on user for running
ASP.NET.
--
Riki
"tshad" <tf*@dslextreme .com> wrote in message
news:ea******** ******@TK2MSFTN GP05.phx.gbl... I am trying to set up an intranet at work that will use our Active directory to authorize our users. We also want them to access the site from the outside (such as at home) and also be authenticated by our Active Directory.
We don't want to set up a separate Sql setup.
I tried to set up my Web.config file like so:
*************** *************** *************** ************* <?xml version="1.0" encoding="utf-8" ?> <configuratio n>
<!-- DYNAMIC DEBUG COMPILATION Set compilation debug="true" to insert debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times. For more information, refer to the documentation about debugging ASP.NET files. --> <compilation defaultLanguage ="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES Set customErrors mode="On" or "RemoteOnly " to enable custom error messages, "Off" to disable. Add <error> tags for each of the errors you want to handle. --> <customErrors mode="Off" />
<!-- AUTHENTICATION This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None" --> <authenticati on mode="Windows"/>
<!-- AUTHORIZATION This section sets the authorization policies of the application. You can allow or deny access to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous (unauthenticate d) users. --> <authorizatio n> allow users="*" /> </authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every page within an application. Set trace enabled="true" to enable application trace logging. If pageOutput="tru e", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from your web application root. --> <trace enabled="false" requestLimit="1 0" pageOutput="fal se" traceMode="Sort ByTime" localOnly="true " />
<!-- SESSION STATE SETTINGS By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="tru e". --> <sessionState mode="InProc" stateConnection String="tcpip=1 27.0.0.1:42424" sqlConnectionSt ring="data source=127.0.0. 1;user id=sa;password= " cookieless="fal se" timeout="20" />
<!-- GLOBALIZATION This section sets the globalization settings of the application. --> <globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8" />
</system.web>
</configuration> *************** *************** *************** **************
I also set the Web Application to Integrated Windows security.
But when I try to access first page, it lets me without asking my credentials.
What else do I need to do to get this to work?
Thanks,
Tom
"Riki" <ri**@dontnagme .com> wrote in message
news:%2******** ********@TK2MSF TNGP03.phx.gbl. .. How are you testing, with IIS or with the Cassini webserver from VS2005? The latter will use the credentials of the logged on user for running ASP.NET.
I am running from IIS on the Windows 2003 Web Server Edition.
Tom --
Riki
"tshad" <tf*@dslextreme .com> wrote in message news:ea******** ******@TK2MSFTN GP05.phx.gbl...I am trying to set up an intranet at work that will use our Active directory to authorize our users. We also want them to access the site from the outside (such as at home) and also be authenticated by our Active Directory.
We don't want to set up a separate Sql setup.
I tried to set up my Web.config file like so:
*************** *************** *************** ************* <?xml version="1.0" encoding="utf-8" ?> <configuratio n>
<!-- DYNAMIC DEBUG COMPILATION Set compilation debug="true" to insert debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times. For more information, refer to the documentation about debugging ASP.NET files. --> <compilation defaultLanguage ="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES Set customErrors mode="On" or "RemoteOnly " to enable custom
error messages, "Off" to disable. Add <error> tags for each of the errors you want to handle. --> <customErrors mode="Off" />
<!-- AUTHENTICATION This section sets the authentication policies of the
application. Possible modes are "Windows", "Forms", "Passport" and "None" --> <authenticati on mode="Windows"/>
<!-- AUTHORIZATION This section sets the authorization policies of the
application. You can allow or deny access to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous (unauthenticate d) users. --> <authorizatio n> allow users="*" /> </authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every
page within an application. Set trace enabled="true" to enable application trace logging.
If pageOutput="tru e", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from
your web application root. --> <trace enabled="false" requestLimit="1 0" pageOutput="fal se" traceMode="Sort ByTime" localOnly="true " />
<!-- SESSION STATE SETTINGS By default ASP.NET uses cookies to identify which requests
belong to a particular session. If cookies are not available, a session can be tracked by
adding a session identifier to the URL. To disable cookies, set sessionState cookieless="tru e". --> <sessionState mode="InProc" stateConnection String="tcpip=1 27.0.0.1:42424" sqlConnectionSt ring="data source=127.0.0. 1;user id=sa;password= " cookieless="fal se" timeout="20" />
<!-- GLOBALIZATION This section sets the globalization settings of the
application. --> <globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8" />
</system.web>
</configuration> *************** *************** *************** **************
I also set the Web Application to Integrated Windows security.
But when I try to access first page, it lets me without asking my credentials.
What else do I need to do to get this to work?
Thanks,
Tom
On Mon, 19 Jun 2006 06:32:46 -0700, tshad wrote: "Riki" <ri**@dontnagme .com> wrote in message news:%2******** ********@TK2MSF TNGP03.phx.gbl. .. How are you testing, with IIS or with the Cassini webserver from VS2005? The latter will use the credentials of the logged on user for running ASP.NET.
I am running from IIS on the Windows 2003 Web Server Edition.
Is the web server a member of the domain?
"Erik Funkenbusch" <er**@despam-funkenbusch.com > wrote in message
news:1m******** ********@funken busch.com... On Sun, 18 Jun 2006 21:02:22 -0700, tshad wrote:
I did make the change (there was a small error where is was missing the left angle bracket) but I am still able to get to the home page with out any logon screen from windows.
Is there something else I need to do?
Remember, I am at home and trying to log on, so it should be asking be for a logon.
Your web.config you posted is not valid. For example, you have a closing </system.web> but no opening one.
It's hard to say what your problems are with incomplete information.
You're right.
Not sure why I missed that.
It now asks for authentication outside and inside. But there are a couple
of anomalies.
One is that it doesn't ask for the logon on the home page, but it does for
all the other pages. They are all in the same root folder. The home page
is index.htm and not index.aspx - is this the reason?
On the inside (at work) we are already logged onto the network, but it still
asks us to log on.
The other problem is that I and a couple others only have to put in our
logon names and others have to put in the Domain/logon.
Not sure why that is. I can log in outside and inside without the Domain.
Also, for those that try to login and cannot, they get back the website name
as the Domain (which I assume is why their logon fails -
intranet.ft.com/jfranks). But if they put in the actual domain
(ft0/jfranks), it works fine.
Thanks,
Tom
"Erik Funkenbusch" <er**@despam-funkenbusch.com > wrote in message
news:kl******** ******@funkenbu sch.com... On Mon, 19 Jun 2006 06:32:46 -0700, tshad wrote:
"Riki" <ri**@dontnagme .com> wrote in message news:%2******** ********@TK2MSF TNGP03.phx.gbl. .. How are you testing, with IIS or with the Cassini webserver from VS2005? The latter will use the credentials of the logged on user for running ASP.NET.
I am running from IIS on the Windows 2003 Web Server Edition.
Is the web server a member of the domain?
Yes.
As I mentioned in my other post a couple of minutes ago, I was missing the
<system.web>, which fixed that problem.
It is part of the Domain. And some can connect without putting in the
domain name and some people have to put the domain name in.
The Domain is (either ft0 or ft.com) and both allow users to logon. But if
a person is not able to logon, it redisplays as intranet.ft.com \jfranks
(which is intranet domain\logon). They then need to put in ft.com\jfranks
or ft0\jfranks to log on.
Tom This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: phreeskier |
last post by:
i want to implement authorization with windows authentication and don't
have the slightest clue of how to do this implementation. the basic
windows authentication for this .NET application is already setup. my
problem lies within my inability to manipulate the username captured in
the authentication process and my knowledge of how IIS is involved.
specifically, i have the following questions:
1) what object(s) can be used so that the...
|
by: Mark |
last post by:
When our staff are logged into a computer on our domain, they're still
prompted for their domain login and password to get into our ASP.NET
application in Internet Explorer when using Windows Authentication. Is it
possible to leverage the windows authentication from a client pc that is
already on the domain and authenticated??
Thanks in advance.
Mark
|
by: Chris Mohan |
last post by:
Hi, I've configured a web app to use windows authentication and also set up two separate subdirectories to use forms authentication. It appears to work fine but I have never seen a sample that demonstrates both in the same web.config and I don't like assuming i've done this correctly and securely.
Please take a look at the following from my web.config and let me know what you think(its not the full config-- just stripped down to its...
|
by: Dan |
last post by:
hi ng,
i have a problem with windows authentification.
i want to forward every user who
1. is not authorized
2. or could not be authenticated
to a login page
-------------------
|
by: serge calderara |
last post by:
Dear all,
I clearly underdand the advantage of both type of authentification but is it
allowed or possible to set the Authentication mode to Windows and then handle
a login form for defined users in Credential section like as follow :
<authentication mode="Windows" >
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="Jessee" password="JuneBug"/>
| |
by: sefe dery |
last post by:
hi ng,
i try to create a asp.net 1.0 website on windows server 2003(Servername:
ServerX) with iis 6.0.
PROBLEM:
The user should login with his windows credentials in basic.aspx and
automatically redirect to his own files.
i have the following file-structure:
|
by: charles |
last post by:
Hi,
I am trying to port my ASP application to ASP.Net 2.0
My application is sold to large corporations that have many thousands
of users. So I do not use Forms authentication. To make it more
convenient for them I developed a custom hybrid model of authentication
and authorization.
You see, the site administrator is often a non-technical person and
|
by: DK |
last post by:
I have an intranet application I've built using asp.net 3.5 / running on
IIS6.
The problem: when a user trys to access a page that they do not have access
to, they are given the annoying windows authentication popup, which is
useless because they are denied in the web.config file. After 3 tries or
hitting cancel, they are then directed to the Access Denied page.
How can I get rid of that popup ???
|
by: Max2006 |
last post by:
Hi,
I am trying to limit my wcf service endpoint to response to only given
windows user or group. How can I do that? Is there any way to configure that
in the .config file?
Thank you,
Max
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |