CODEWITHSUNDEEP
asp.netiis-6windows-authentication
Andrew Keller
Andrew Keller

Reputation: 3239

ASP.net quick and dirty authentication

I'm currently working on a page within one of my company's internet sites that is in response to some production issues we have. The page will be published with the rest of the web site to our DMZ, however I'd like to set-up some quick authentication so only users on our domain (assuming they access the site internally) can access the page. I'd like to use Windows authentication to do so.

Is there a quick way to accomplish this?

Upvotes: 1

Views: 365

Answers (3)

chris
chris

Reputation: 37460

If I understand the question correctly, you want to enable security just on one page in your application - not the entire app.

Under IIS, you can manage the security settings on a page by page basis. In the IIS manager, pick the page, and change the security settings so that anonymous is off, and only Windows auth is accepted. You should get prompted for a login when you visit that page.

Upvotes: 2

SDReyes
SDReyes

Reputation: 9954

From Scott Gu's blog

To enable Windows Authentication within an ASP.NET Application, you should make sure that you have “Integrated Windows Authentication” (formerly called NTLM authentication) enabled within IIS for the application you are building. You should then add a web.config file to the root directory of your ASP.NET application that contains an section which sets the mode to “Windows”.

You should also then add an section to the same web.config file that denies access to “anonymous” users visiting the site. This will force ASP.NET to always authenticate the incoming browser user using Windows Authentication – and ensure that from within code on the server you can always access the username and Windows group membership of the incoming user.

The below web.config file demonstrates how to configure both steps described above:

<configuration>
    <system.web>
        <authentication mode="Windows" />
         <authorization>
             <deny users="?"/>
          </authorization>
    </system.web>
</configuration>

EDIT:

You can apply the auth settings to just a path in this way:

<location path="mypath.axd">
    <system.web>
      <authorization>
        <allow roles="MyRole, AnotherRole" />
        <deny users="*" />
        <deny users="?" />
      </authorization>
    </system.web>
</location>

Upvotes: 2

CodingGorilla
CodingGorilla

Reputation: 19842

You can simply use Windows Authentication settings in IIS. Just turn off Anonymous Access in IIS and set your NTFS permissions on the Web folder to the users whom you want to have access to the site. Your IIS admin should be able to handle this quite easily.

Upvotes: 1

Related Questions