Re: Intranet and Integrated Windows Authentication

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/23/04


Date: Wed, 23 Jun 2004 11:47:19 -0500

I like this idea.

Another thing you could do if you absolutely need authenticated and
anonymous parts of the site AND want to use WIA is put the authenticated
parts of the site in a different vroot with anonymous access turned off.

If you absolutely must mix and match anonymous and authenticated, then you
might be able to do something like have two different copies of the site,
one if a vroot that allows anonymous and one in a vroot that requires
authentication. In your application, you use use the Context.User property
to determine whether the current user is authenticated or not and whether
they are in certain Windows groups and control the rendering of your pages
accordingly. It is very likely you could make both versions of the
application be identical which would make deployment much easier. The app
would simply decide what stuff to render dynamically at runtime.

Still, it seems like it would be much easier to simply make the whole site
be authenticated.

Joe K.

"Joe H" <jharri@hotmail.com> wrote in message
news:em5trvTWEHA.2844@TK2MSFTNGP11.phx.gbl...
> how about turning on Integrated Windows Authentication. and then maintain
a
> user-list to the resources in the site that you require special access to?
> this can be done on a page basis, or a function basis, or a "role" basis,
> etc...
>
> since this is an "intranet" the word "public" does not have the same
> meaning, right? in other words, everybody on your network accessing your
> intranet should be in active directory. and should therefore be accounted
> for when they access ANY part of your intranet site.
>
>
> "Andrew" <AndrewR2k1@hotmail.com> wrote in message
> news:uEPoX6HWEHA.3024@TK2MSFTNGP09.phx.gbl...
> > Hey all,
> >
> >
> >
> > I would like to preface my question by stating I am still learning
ASP.net
> > and while I am confident in the basics and foundation, the more advanced
> > stuff is still a challenge. Ok. :)
> >
> >
> >
> > We are looking at redoing our entire Intranet, starting over from
scratch,
> > as a .Net website. Our current site has two separate sides, a public
side
> > for all viewers, and a secure side for those granted permission can
access
> > apps to update web info, databases, etc. In moving to .Net we would
like
> to
> > use Integrated Windows Authentication with our pages. We will be
putting
> > the Intranet server under a Domain Controller where the users and user
> info
> > will be pulled from.
> >
> >
> >
> > We would like to have the pages similar to what you would see on eBay,
or
> > Amazon, or any number of Blog sites. That is, you can surf and view and
> > bounce around all the pages, but unless you log in you cannot view your
> > personal information. However, if you do log in, the public pages take
on
> > new buttons or links because those pages know who you are. In essence,
> the
> > public side and secure side merge into one, and page items turn on or
off
> > depending on your logged in status.
> >
> >
> >
> > I have Google'd on "integrated windows authentication" and, of course,
> have
> > found numerous websites. It is almost overwhelming. I found a few good
> > articles here:
> >
> >
> >
> > Active Directory Authentication from ASP .NET
> >
> >
>
http://msdn.microsoft.com/library/en-us/sds/sds/active_directory_authentication_from_asp__net.asp
> >
> >
> >
> > Securing an ASP.Net application...
> >
> > http://www.dotnetjohn.com/articles.aspx?articleid=19
> >
> >
> >
> > HOW TO: Authenticate against the Active Directory by Using Forms
> > Authentication and Visual Basic .NET
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;326340
> >
> >
> >
> > Developing Secure Web Sites with ASP.NET and IIS
> >
> > http://www.c-sharpcorner.com/Code/2003/March/SecureSiteWithASPNET.asp
> >
> >
> >
> > Windows Authentication in ASP.NET
> >
> > http://www.dotnetbips.com/displayarticle.aspx?id=10
> >
> >
> >
> > (Joe Kaplan (MVP - ADSI), if you read this, I also saw your postings
> > recently on somewhat this subject in this newsgroup.)
> >
> >
> >
> > I am still having trouble interpreting and understanding all this
> > information and now look to some of you to help possible translate it
into
> > English. The last URL above provided an example that shows how to use
> > System.Security.Principal to determine the user name and authenticated
> > status (which I have tested successfully). But this just pulls from the
> > system when the user logged in after turning on the PC. The other URL's
> > state that in an Intranet environment, IAW is the thing to use - which
is
> > where this is going. But I need to offer the ability for a user to log
in
> > and log out, and when not logged in they are set as "anonymous" - not
just
> > automatically pull system info. So this seems I need to use Forms
> > Authentication? Looking at examples of Forms Authentication, at my
level
> of
> > experience, are quite long, involved, and a bit over my head in their
> > explanations. Do I use one over the other? Both together? Help?
> >
> >
> >
> > So, I am asking for some help here in understanding the .Net techniques
to
> > develop a website that uses Integrated Windows Authentication (using
> Active
> > Directory from a Domain Controller) to authenticate users, but requires
> > users to log in, and allows them to log out. I can control the visual
> > changes on the page(s), I just need help on the log-in/log-out,
security,
> > authentication part of it.
> >
> >
> >
> > Your comments, suggestions, tips, and other input are gladly accepted
and
> > appreciated. Oh, and in VB.net if possible please, though I turn away
> > nothing. :)
> >
> >
> >
> > -- Andrew
> >
> >
>
>



Relevant Pages

  • Re: Urgent - need help with logging anonymous and Active Dir users without login form
    ... networks behind the same firewall. ... automatically logged in to our intranet in. ... forms authentication for everything. ... the user back to the page the access which initiated the login request. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Constant Password Authentication
    ... domain and server name in the URL. ... confirm that the same authentication methods are checkmarked as compared to ... Within our organisation there are staff who are ... > Up until recently a company that has had access to our intranet had been ...
    (microsoft.public.inetserver.iis.security)
  • RE: Windows authentication from ASP.NET to SQL Server
    ... The easiest way is to turn off anonymous access for the Intranet site. ... will force authentication, usually through a login box (although the network ... > intranet server and our database server, both of which are on our local ... > Successful Network Logon: ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Forms Authentication with AD
    ... > Basically we have an Intranet system running on Win2k3 with AD. ... > It's a fairly open company, so there's not much need for more protection ... >> I'm using Windows Authentication to automatically recognise users in my ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Intranet File Permissions Using Active Directory
    ... Open the IIS Manager, and for the Intranet website (or folder, or ... Disable "Allow Anonymous Authentication". ... access the resources should have Read permissions. ... I have a question regarding using IIS to host a Intranet site for my ...
    (microsoft.public.inetserver.iis.security)