Intranet and Integrated Windows Authentication

From: Andrew (AndrewR2k1_at_hotmail.com)
Date: 06/22/04

  • Next message: Wendy: "Gaining FullTrust" 
    Date: Tue, 22 Jun 2004 10:30:18 -0700

    Hey all,

    I would like to preface my question by stating I am still learning ASP.net
    and while I am confident in the basics and foundation, the more advanced
    stuff is still a challenge. Ok. :)

    We are looking at redoing our entire Intranet, starting over from scratch,
    as a .Net website. Our current site has two separate sides, a public side
    for all viewers, and a secure side for those granted permission can access
    apps to update web info, databases, etc. In moving to .Net we would like to
    use Integrated Windows Authentication with our pages. We will be putting
    the Intranet server under a Domain Controller where the users and user info
    will be pulled from.

    We would like to have the pages similar to what you would see on eBay, or
    Amazon, or any number of Blog sites. That is, you can surf and view and
    bounce around all the pages, but unless you log in you cannot view your
    personal information. However, if you do log in, the public pages take on
    new buttons or links because those pages know who you are. In essence, the
    public side and secure side merge into one, and page items turn on or off
    depending on your logged in status.

    I have Google'd on "integrated windows authentication" and, of course, have
    found numerous websites. It is almost overwhelming. I found a few good
    articles here:

    Active Directory Authentication from ASP .NET

    http://msdn.microsoft.com/library/en-us/sds/sds/active_directory_authentication_from_asp__net.asp

    Securing an ASP.Net application...

    http://www.dotnetjohn.com/articles.aspx?articleid=19

    HOW TO: Authenticate against the Active Directory by Using Forms
    Authentication and Visual Basic .NET

    http://support.microsoft.com/default.aspx?scid=kb;en-us;326340

    Developing Secure Web Sites with ASP.NET and IIS

    http://www.c-sharpcorner.com/Code/2003/March/SecureSiteWithASPNET.asp

    Windows Authentication in ASP.NET

    http://www.dotnetbips.com/displayarticle.aspx?id=10

    (Joe Kaplan (MVP - ADSI), if you read this, I also saw your postings
    recently on somewhat this subject in this newsgroup.)

    I am still having trouble interpreting and understanding all this
    information and now look to some of you to help possible translate it into
    English. The last URL above provided an example that shows how to use
    System.Security.Principal to determine the user name and authenticated
    status (which I have tested successfully). But this just pulls from the
    system when the user logged in after turning on the PC. The other URL's
    state that in an Intranet environment, IAW is the thing to use - which is
    where this is going. But I need to offer the ability for a user to log in
    and log out, and when not logged in they are set as "anonymous" - not just
    automatically pull system info. So this seems I need to use Forms
    Authentication? Looking at examples of Forms Authentication, at my level of
    experience, are quite long, involved, and a bit over my head in their
    explanations. Do I use one over the other? Both together? Help?

    So, I am asking for some help here in understanding the .Net techniques to
    develop a website that uses Integrated Windows Authentication (using Active
    Directory from a Domain Controller) to authenticate users, but requires
    users to log in, and allows them to log out. I can control the visual
    changes on the page(s), I just need help on the log-in/log-out, security,
    authentication part of it.

    Your comments, suggestions, tips, and other input are gladly accepted and
    appreciated. Oh, and in VB.net if possible please, though I turn away
    nothing. :)

    -- Andrew

  • Next message: Wendy: "Gaining FullTrust"