8.4. Using Windows Authentication

Problem

You want to use existing Windows network accounts for authenticating users of your application.

Solution

Configure IIS to block anonymous access and to require Windows integrated authentication.

Make the following changes to web.config:

  1. Specify Windows authentication:

      <authentication mode="Windows" />

  2. Set the <identity> element to impersonate:

      <identity impersonate="true" userName="" password="" />

  3. Configure the <authorization> element to deny access to all users:

      <authorization>
        <deny users="*" /> <!-- Deny all users -->
      </authorization>

  4. Add a <location> element for each page to which you want to control access, with an <allow> child element and attribute (to allow access to the page by certain roles) followed by a <deny> child element and attribute (to deny access to all users not listed in the previous roles):

      <location path="DisplayUserInformation.aspx">
        <system.web>
          <authorization>
            <allow roles="BuiltIn\Users,
                          BuiltIn\Administrators"/>
            <deny users="*"/>
          </authorization>
        </system.web>
      </location>

In the code-behind class for the ASP.NET page, get the current user’s identity and check the user’s roles using the identity property from the current context:

VB:

      identity = CType(Context.User.Identity, WindowsIdentity)

C#:

      identity = (WindowsIdentity)(Context.User.Identity); ...
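An added example, not code from the book: a C# code-behind for DisplayUserInformation.aspx that performs the identity and role checks described above and fails closed when the request carries no authenticated Windows identity. The class name, the AutoEventWireup="true" page directive, and the Response.Write output are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web.UI;

// Hypothetical code-behind class (added example); assumes the .aspx page
// inherits from it and sets AutoEventWireup="true".
public partial class DisplayUserInformation : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // With <authentication mode="Windows" />, Context.User.Identity is a
        // WindowsIdentity. "as" yields null instead of throwing if the site is
        // later switched to another authentication mode.
        IPrincipal user = Context.User;
        WindowsIdentity identity =
            (user == null) ? null : user.Identity as WindowsIdentity;

        // Fail closed: do not rely on web.config alone to keep anonymous
        // or non-Windows callers away from this page.
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        // Check membership in the same built-in groups named in <allow roles="...">.
        WindowsPrincipal principal = new WindowsPrincipal(identity);
        bool isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
        bool isUser = principal.IsInRole(WindowsBuiltInRole.User);

        // With <identity impersonate="true" />, the request thread should run
        // under the caller's account rather than the worker process account.
        string threadAccount = WindowsIdentity.GetCurrent().Name;

        // Encode every account-derived string before writing it into HTML.
        Response.Write("User: " + Server.HtmlEncode(identity.Name) + "<br />");
        Response.Write("Authentication type: "
            + Server.HtmlEncode(identity.AuthenticationType) + "<br />");
        Response.Write("Thread runs as: " + Server.HtmlEncode(threadAccount) + "<br />");
        Response.Write("In BuiltIn\\Administrators: " + isAdmin + "<br />");
        Response.Write("In BuiltIn\\Users: " + isUser + "<br />");
    }
}
```

If "User" and "Thread runs as" show different accounts, impersonation is not in effect and file or database access from the page is happening under the worker process identity.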
