Last post Apr 19, 2011 10:46 AM by smirnov
Apr 18, 2011 09:41 AM|cenk1536|LINK
I have a web page and I would like to implement a simple authorization and authentication. I would like to get user and password from LDAP and if user is authenticated,he can see a page named test.aspx other wise directed to error page. Is there a way to
implement such a stuff without having a login page. I mean there gonna be only one page, test.aspx and if the user is authenticated and have rights to do stuff on this page, he can see/do but if no rights then redirected to error page.
Thanks in advance.
Apr 18, 2011 10:33 AM|gww|LINK
You can do it without a login page but you will not able to authenticate with a password. You can grab the logon_user of the currently logged on user and search ldap for that user name and if they exist allow them access to the site. You would then need
to setup a web.config for the page(s) you want to restrict access and either restrict them by name or by group membership, depending if you went with windows authentication or a custom role authentication.
For me, i use a custom role authentication using a database and add the samaccountnames to groups to allow/deny access to pages. In my global Application_AuthenticateRequest I grab the LOGON_USER to check the list of roles the user belongs to in the database.
You can also search any groups the user belongs to in AD and assign them to roles. If the user does not have access to a page they get directed to a "login" page saying they do not have access to that page. This is done in the web.config page in <authentication
mode="forms"> with the loginURL.
If you go with windows autentication you will use WindowsAuthentication_Authenticate in your global. You will not be able to use roles but you can check group membership in AD to deny access to a page or just list user names in a web.config who can access
or page and deny all others.
Apr 19, 2011 10:46 AM|smirnov|LINK
Read about Windows Authentication.
How To: Use Windows Authentication in ASP.NET 2.0
How to implement Windows authentication and authorization in ASP.NET
Hope this helps.