Last post Dec 06, 2011 06:30 PM by gww
Dec 06, 2011 04:09 AM|MM_MSDN|LINK
I had developed an intranet web project, with the requirements to authenticate the windows mode[Hitting the Domian&Active directry] after that data will be fetched from the sql server DB for the further processing.
Scenario:users will make calls from thier office, data will be loaded in sqlserver DB. once the user logging on his system, He goes to the Iexplorer and select the URL for the Call log, here no authentication will be asked, system should show him his call
logs and other relevant info's.
But, here windows mode authentication is not working[Showing the login page again, Even though giving his windows[Domain user] account, it fails]. The Below steps i implemented, Can any one suggest, any thing is left or needed.
2:IIS 6.0-concern website-Properties-Directory security-selecting the integrated windows authentication.
Is that any thing missed to activate the windows mode authencation.
Query:1. How the IIS will know, where to check the Domain server, Or is that like Domain server holding the active directory, should be mentioned, if yes where?
Dec 06, 2011 05:08 AM|Srikanth Kasturi|LINK
Do you mean ther kerberos credential challenge as Login page or did you create a login page seperately ?
On IE browser, there is another setting : Click on Internet Options --> Security Tab -- > Custom Level button -- > Scroll all the way to down to see the options for User authentications. Select third option for logging on automatically. ( Automatic logon
with current username and password ) .
This works ideally for the intranet websites/applications.
In IIS, you will only Enable windows authentication.. rest all will be
disabled. That will take care of itself.
Dec 06, 2011 06:25 AM|MM_MSDN|LINK
The some user have windows acc in active directory and some users will not have window account. For Non window acc users, they will create the web acc on thier own and login thru Login.aspx page.
here, the problem, That login page is shown to the windows account holders too.
I had enabled only Integrated Windows Authentication [in DirectorySecurity->AuthenticationandAccessControl], But It doesn't work.
What is the case of Enable anonymous acces ? Is it enbled or disabled?
why it is used for?
Dec 06, 2011 06:49 AM|Srikanth Kasturi|LINK
Ok. My approach to this kind of requirement would be as :
1. On login, find the user whether he is available in Active Directory or not.
2. Create two methods : one is for db user, one is for active directory login
3. Access that particular method based on step 1.
Let me know if you need code for this.
As you have asked, the anonymous access should be set to disabled. The username and password will be used for anonymous login. This is the Service user of that application pool.
Dec 06, 2011 08:16 AM|MM_MSDN|LINK
Thanks for the Help....
Got the Logic behind this.....If Possible code snippets will help me.....
Dec 06, 2011 06:30 PM|gww|LINK
If you are wanting to provide a login via a database and active directory you will not want to use windows authentication in the web. You will want to use forms authentication in the web.config.
How I have my intranet setup is to have IIS set to windows authentication with anonymous access disabled and forms authentication set in my webconfig and use of custom roles to restrict access to pages in the web.config. In my global.asax I use the application_authenticate
and grab the current logged on user and assign the their roles, if any. Doing it this way they do not have to log into the webpages once they have logged into their computer. But you can also use login page. If a person does not have access to a page they
are redirected to the "login" page, but i have no login field there, they are just told they do not have access to that page. But you could provide an alternate login for the database there.
You would handle this in your authentication request from the login page.