Re: User Authentication, Active Directory and more (help)
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: Mon, 21 Jun 2004 09:12:23 -0500
When you are using Windows authentication in IIS and ASP.NET, the roles in
the IPrincipal that gets created will be Windows groups, so they will be of
the form Domain\Group Name.
I order to make sure you are using Windows authentication in IIS, you must
disable anonymous access and enable Basic, Digest or Integrated
authentication. Don't use Basic without SSL or you will be passing
credentials in plain text over the network. In ASP.NET, you need to make
sure the authentication tag in web.config is set to Windows (which is the
In order to authenticate users in Active Directory, the IIS server must be a
member of the Active Directory domain.
If you want to build your own authentication scheme using
System.DirectoryServices or something, then you will also be responsible for
building the IPrincipal object that contains the user's roles. This sample
of Forms authentication with System.DirectoryServices is an okay starting
"Timothy Parez" <firstname.lastname@example.org> wrote in message
> Thnx for all the information.
> I would like to ask you for some more help :)
> I tried using the following in my web.config file but it doesn't really
> <authentication mode="Windows"/>
> <allow roles="Admins" />
> <deny users="*" />
> I have also played with these values, but either I get a logon screen
> but I can never logon, or I don't get a logon screen and get a page that
> I'm not authorized to view that page right away.
> In any case I don't think this will be the best option for me.
> Using the DirectoryServices namespace, can I take a username and
> password and validate it against the AD from my code
> ie. is there something like (I know seems stupid but I must ask)
> if (User.Authenticate("username","password"))
> MessageBox.Show("Try again m8");
> This would be a lot better than the logon provided by ASP.NET (more
> compatible and usable in code)
> Thnx for you help.