I have two questions concerning authentication of a intranet website and how to go about doing it. I want the first page the user comes to, to be the login page. I could have sworn there was a tag, something like [Authorize] that you put in your C# code that did this for you but I can't find it anymore. Right now the first page is my dafault.aspx. I turned on windows authentication in the web.config file and it automatically logged me in. So that is working, but I want the user to have to login as stated above. What do I have to do? I only want to allow people that are in a certain group to have access. How do I add this additional check?

c#asp.net

Craig

Reputation: 1225

Web Application Authentication

I have two questions concerning authentication of a intranet website and how to go about doing it.

I want the first page the user comes to, to be the login page. I could have sworn there was a tag, something like [Authorize] that you put in your C# code that did this for you but I can't find it anymore. Right now the first page is my dafault.aspx. I turned on windows authentication in the web.config file and it automatically logged me in. So that is working, but I want the user to have to login as stated above. What do I have to do?
I only want to allow people that are in a certain group to have access. How do I add this additional check?

Upvotes: 4

Answers (4)

Craig

Reputation: 1225

Thanks for all the great input. They got me going in the right direction and then the customer decided to change direction. They want to have it auto login if they are in the right group, otherwise display and error message. The Form authentication would have worked as described.

Upvotes: 0

Bibhu

Reputation: 4081

Use forms authentication instead of windows authentication. Have a look on these link they provide walk throughs for using forms authentication :

http://www.asp.net/web-forms/tutorials/security/introduction/an-overview-of-forms-authentication-vb

http://www.dotnetfunda.com/articles/article141.aspx

For using active directory go through these links :

http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx

http://msdn.microsoft.com/en-us/library/ff650308.aspx

Upvotes: 1

joe_coolish

Reputation: 7259

In your web.config file you need to add the following

<authentication mode="Forms">
  <forms loginUrl="YOUR LOGIN PAGE!!" timeout="2880" />
</authentication>

in the <system.web /> tag.

That will force the user to authenticate for that site.

The [Authorize] attribute is used to require a user be authenticated (like you had put in your question), BUT!! only for MVC applications http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx

With MVC you can also do the [RequiresAuthentication(Roles = "admin")] attribute which will give you control over which rolls have access to which endpoints.

I would seriously consider MVC

Upvotes: 2

tedski

Reputation: 2311

Here's a guide to setting up Forms Authentication on your site: https://web.archive.org/web/20211020150650/http://www.4guysfromrolla.com/webtech/110701-1.shtml

Part 2 has the meat of the stuff.

Upvotes: 1

Web Application Authentication

Answers (4)

Related Questions