mike's web log

 


 
Using Windows authentication in ASP.NET Web Pages

posted at 10:53 AM

When I wrote about using simple membership in ASP.NET Web Pages a little while ago, commenter akshayms asked, "How can I use Windows authentication?" Simple membership uses a login form and a membership database for managing a site's users. In contrast, Windows authentication just uses your existing Windows login credentials; no need to log in separately. Windows auth is useful for intranet sites, like on a corporate network.

When the question first came up, I asked around, because I hadn't played with it myself. The first answer was "Just like in 'normal' ASP.NET!", which is to say, by setting the authentication mode in the application's Web.config file to "Windows." (Documentation.) Like this:

<authentication mode="Windows" />

It turned out, tho, that this didn't entirely work. Anyway, long story short, it looks like you do this:
  • Disable simple membership.
  • Require authentication. (Duh, right? Hold that thought.)
(Windows authentication also needs to be enabled, but that's the default in ASP.NET, so you don't actually need to explicitly switch that on.)

You can do these by creating a Web.config file in the Web Pages application and adding the following to it.

<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="EnableSimpleMembership" value="false" />
  </appSettings>

  <system.web>
    <compilation debug="false" targetFramework="4.0" />
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>

The line deny users="?" is the bit I mentioned earlier: it denies access to anonymous users, which is to say that it requires the user to be authenticated. As shown here, this would require authentication to access anything in the site. In an intranet site, that's probably fine, since probably none of your users are anonymous.

Then in a page, you can do this:

@WebSecurity.CurrentUserName

... and/or do all the other membership stuff that's supported for Windows authentication in the base membership system. (Not just the features of simple membership.)

However, problem. If you're testing your site using IIS Express, which is the default testing server for WebMatrix, you get an "Access Denied" error. Oh, bother.

The fix to this issue is to make a change in the applicationhost.config file, which is (as you might remember) in the following folder:

C:\Users\[you]\Documents\IISExpress\config

In the config file, find the windowsAuthentication element and change its enabled attribute to true. Like this:

<windowsAuthentication enabled="true">

Restart WebMatrix if you happened to have it open whilst doing all this.

This last fix — the change to applicationhost.config — is a machine-wide setting. If you want to configure Windows authentication for IIS Express for only specific folders/apps, you can use a <location> tag, which lets you apply configuration settings to specific files and folders in your site. (Info: location Element, HOW TO: Control Authorization Permissions in an ASP.NET Application.)

The <location> tag might look like this if you wanted to use Windows authentication in IIS Express for the application named WinAuthTest:

<location path="WinAuthTest">
  <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>
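
An added example (not from the original post or from the ASP.NET project): a Python check that a Web.config still enforces the two settings listed earlier, including the case where a <location> block or a misordered <allow> rule reopens the site to anonymous users. It assumes ASP.NET's first-match rule evaluation with <location> rules checked before site-wide ones, ignores the verbs attribute, and uses constructed sample configs (the "public" path is hypothetical).

```python
import xml.etree.ElementTree as ET

def rules_of(node):
    """<allow>/<deny> children of node's system.web/authorization, in order."""
    found = node.find("system.web/authorization")
    return list(found) if found is not None else []

def anonymous_denied(rules):
    """ASP.NET applies the first rule that matches, so <allow users="*"/>
    placed above <deny users="?"/> still admits anonymous users."""
    for rule in rules:
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if rule.tag in ("allow", "deny") and users & {"?", "*"}:
            return rule.tag == "deny"
    return False  # nothing matched: ASP.NET's default is to allow

def audit_web_config(xml_text):
    """Return findings for the Web.config settings the post relies on."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    key = root.find("appSettings/add[@key='EnableSimpleMembership']")
    if key is None or key.get("value", "").lower() != "false":
        findings.append("simple membership is not disabled")
    site_rules = rules_of(root)
    if not anonymous_denied(site_rules):
        findings.append("site root admits anonymous users")
    # Rules in a <location> block are checked before the site-wide ones.
    for loc in root.findall("location"):
        local = rules_of(loc)
        if local and not anonymous_denied(local + site_rules):
            findings.append("location '%s' admits anonymous users" % loc.get("path"))
    return findings

# Constructed samples: the post's settings, then two ways to undo them.
GOOD = """<?xml version="1.0"?>
<configuration>
  <appSettings><add key="EnableSimpleMembership" value="false" /></appSettings>
  <system.web><authorization><deny users="?"/></authorization></system.web>
</configuration>"""
MISORDERED = GOOD.replace('<deny users="?"/>', '<allow users="*"/><deny users="?"/>')
OPEN_FOLDER = GOOD.replace("</configuration>", """  <location path="public">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
</configuration>""")

if __name__ == "__main__":
    for name in ("GOOD", "MISORDERED", "OPEN_FOLDER"):
        print(name, audit_web_config(globals()[name]))
```

An empty list means both settings are in force everywhere the file configures.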

One final note. In Visual Studio, it's easier to configure IIS Express to use Windows authentication on a per-project basis. Open the project, and in Solution Explorer, select the project (parent) node, then press F4 to view properties. Then just set WindowsAuthentication to true.




Credit: This issue was actually investigated and solved by Erik Porter, who is the Program Manager for Web Pages stuff. I just wrote it up. :-)
