I'm trying to set up a usercontrol that I can put on specific pages to
authenticate people via their network login on our intranet. I have this in
the config file:
<authentication mode="Windows" />
<authorization>
<allow roles="ServerName\GroupName" />
<deny users="*" />
</authorization>
And then I'm using this on the control:
Dim user As WindowsPrincipal =
CType(System.Threading.Thread.CurrentPrincipal, WindowsPrincipal)
If user.IsInRole("J00000scourtnet\BailBondsDBAdmin") Then
'do nothing, ie, let them in
else server.Transfer(request.ApplicationPath & "/accessError.aspx")
End If
I'm having two problems:
1) Every time I access a page with this control, it asks for my network
username and password. Is there a way to get this automatically from my
machine or from the network automatically?
2) The redirect isn't working because the authentication is happening prior
to page load. Ie, if I'm not part of that group, it never loads the page for
me to do the redirect. My thought to solve this would be to remove the DENY
statement, which then allows me to get to the actual page, where, in theory,
I could then check the user and do the if/then. However, if I remove the
DENY statement, then the control never prompts me for my network ID, and
instead logs me as 'Iuser'.
Am I completely way off base on how I'm implementing this?
In the end, I'd like to be able to grab the network userID, see if that user
belongs to a group set up on the server, and, if so, load the page,
otherwise, redirect to the error.
For now, with my original setup, it's secure, as if you're not in the group,
you can't get in...however it's aesthetically mess (no formal error page,
just a generic 'permission denied' error in IE).
-Darrel
