Using Windows authentication in ASP.NET Web Pages

來源:互聯網
上載者:User

標籤:

Tuesday, 16 August 2011   10:53 AM


When I wrote about using simple membership in ASP.NET Web Pages a little while ago, commenter akshayms asked "How can I use Windows authentication"? Simple membership uses a login form and a membership database for managing a site‘s users. In contrast, Windows authentication just uses your existing Windows login credentials; no need to log in separately. Windows auth is useful for intranet sites, like on a corporate network.

When the question first came up, I asked around, because I hadn‘t played with it myself. The first answer was "Just like in ‘normal‘ ASP.NET!", which is to say, by setting the authentication mode in the application‘s Web.config file to "Windows." (Documentation.) Like this:

<authentication mode="Windows" />

It turned out, tho, that this didn‘t entirely work. Anyway, long story short, it looks like you do this:

  • Disable simple membership.
  • Require authentication. (Duh, right? Hold that thought.)

(Windows authentication also needs to be enabled, but that‘s the default in ASP.NET, so you don‘t actually need to explicitly switch that on.)

You can do these by creating a Web.config file in the Web Pages application and adding the following to it. (Highlights for the interesting bits.) 

<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="EnableSimpleMembership" value="false" />
</appSettings>
<system.web>
<compilation debug="false" targetFramework="4.0" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>


The line deny users="?" is the bit I mentioned earlier — this denies access to anonymous users, which is to say that it requires the user to be authenticated. As shown here, this would require authentication to access anything in the site. In an intranet site, that‘s probably fine, since none of your users are probably anonymous. 

Then in a page, you can do this:

@WebSecurity.CurrentUserName

... and/or do all the other membership stuff that‘s supported for Windows authentication in the base membership system. (Not just the features of simple membership.)

However, problem. If you‘re testing your site using IIS Express, which is the default testing server for WebMatrix, you get an "Access Denied" error. Oh, bother.

The fix to this issue is to make a change in the applicationhost.config file, which is (as you might remember) in the following folder:

C:\Users\[you]\Documents\IISExpress\config

In the config file, find the windowsAuthentication element and change its enabled attribute to true. Like this:

<windowsAuthentication enabled="true">

Restart WebMatrix if you happened to have it open whilst doing all this. 

This last fix — the change to applicationhost.config — is a machine-wide setting. If you want to configure Windows authentication for IIS Express for only specific folders/apps, you can use a <location> tag, which lets you apply configuration settings to specific files and folders in your site. (Info: location Element, HOW TO: Control Authorization Permissions in an ASP.NET Application.)

The <location> tag might look like this if you wanted to use Windows authentication in IIS Express for the application named WinauthTest:

<location path="WinAuthTest">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>


One final note. In Visual Studio, it‘s easier to configure IIS Express to use Windows authentication on a per-project basis. Open the project, and in Solution Explorer, select the project (parent) node, then press F4 to view properties. Then just setWindowsAuthentication to true:




Credit: This issue was actually investigated and solved by Erik Porter, who is the Program Manager for Web Pages stuff. I just wrote it up. :-)

Using Windows authentication in ASP.NET Web Pages

相關文章

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.