469,904 Members | 2,065 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,904 developers. It's quick & easy.

Portal Starter Kit authentication


can some one point me what i'm doing wrong? I have spent half a day figuring
out and totally stuck now.

Here's what I'm trying to accomplish: I am writing a web appl - an intranet
portal site (based on the portal starter kit) and I want to apply role based
security to the site. - When the users type in the intranet URL, a windows
logon window would pop up and then users login with their NT credentials.
Based upon theie level of security they see the tabs on the portal.
Here's what I have accomplished so far:
1. Created new groups on the domain.
2. Turned on the authentication to "windows" in the web.config file of the
portal site.
3. Added
<authorization>
<allow roles = "doaminname\role1,doaminname\role4" />
<deny users="*">
</authorization>
in the web.config.
4. Added the LogOnID to the users table and the exact domain roles to the
Roles table.

However the wuthentication is not working correctly, the windows logon
prompt keeps poping.. and the app redirects to the AccessDenied page.

Your kind help is greatly appreciated.

"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamM> wrote in
message news:uO**************@TK2MSFTNGP09.phx.gbl...
I am not sure what would be consider good and simple in your vernacular, but there are plenty of free (thats right folks, free) books at
http://msdn.microsoft.com/architecture. Look for the patterns and practices section. Great information on security, infrastructure and architecture for developers. Does not completely relate directly to .NET windows
authentication, but you will find the topics in there.

Now, as far as windows authentication goes, what you are you trying to
accomplish. A web app or a windows app, or are you just looking for the
basics of NTFS permissions and how they relate to user's logons? Or, do you want to get into Active Directory?

The answers to these questions will help myself and others lead you in the
right direction, as there is a lot of information out there, both in books
and online.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************** ********************
Think Outside the Box!
************************************************** ********************
<.net user> wrote in message news:OE**************@TK2MSFTNGP12.phx.gbl...
I have been using .net for a while. I want to have my windows

authentication
concepts cleared - . particularly how it works on Intranet sites. Is

there
a good, simple to understand reference book/sites that can help me with?

Appreciate any help.


Nov 18 '05 #1
1 1515
".net user" <msnews.microsoft.com> wrote in message
news:Oz**************@TK2MSFTNGP09.phx.gbl...

can some one point me what i'm doing wrong? I have spent half a day figuring out and totally stuck now.

Here's what I'm trying to accomplish: I am writing a web appl - an intranet portal site (based on the portal starter kit) and I want to apply role based security to the site. - When the users type in the intranet URL, a windows
logon window would pop up and then users login with their NT credentials.
Based upon theie level of security they see the tabs on the portal.
Here's what I have accomplished so far:
1. Created new groups on the domain.
Good for windows authentication.
2. Turned on the authentication to "windows" in the web.config file of the
portal site.
Also good for windows authentication.
3. Added
<authorization>
<allow roles = "doaminname\role1,doaminname\role4" />
<deny users="*">
</authorization>
in the web.config.
Looks fine so far.
4. Added the LogOnID to the users table and the exact domain roles to the
Roles table.
This sounds more like forms based authentication.
However the wuthentication is not working correctly, the windows logon
prompt keeps poping.. and the app redirects to the AccessDenied page.

Your kind help is greatly appreciated.
Here are the steps for windows.

1. Add the group in question (either to machine or domain).
2. Add users to group
3. Make sure the user is logging onto the domain
This is most likely where you problem is

Three options to fix:
1. Have user add domain name before user, like
USER BOX: DomainName\Username
PASSWORD BOX: Password

2. Set up the app to use the domain. This a dual edged sword.
a. Open Internet Services Manager
b. Goto Directory Security tab
c. Click the top edit button: Enable Anonymous Access ....
d. Use Basic authentication (the edge of the sword)
e. Cllick edit and add the domain nameNow, try logging on again with the name.
For the dual edge part. A person logging in can have their logon

compromised.

3. Make a local group(s) on the web server and use it.
a. Add domain group(s) to local group(s)
b. Change authentication to use the local group(s), not the domain (in
web.config)

This is standard windows. You add domain users to domain groups and then add
domain groups to local groups for access to the local machine. The rules can
be played a bit different in Active Directory, of course, but this will
still work.

NOTE: You can also add users to the local group and bypass the domain group
addition, if you feel you can manage it there. IN general, I would not
advise this.

I am sure there are others who can come up with even more options.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************** ********************
Think Outside the Box!
************************************************** ********************
Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Samuel Berry | last post: by
3 posts views Thread by Dan Sikorsky | last post: by
reply views Thread by Jill Graham | last post: by
3 posts views Thread by eridgway | last post: by
5 posts views Thread by Kamil Tezduyar | last post: by
18 posts views Thread by Juan Gil | last post: by
1 post views Thread by | last post: by
1 post views Thread by Waqarahmed | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.