9.4. Using Windows Authentication


You want to use existing Windows network accounts for authenticating users of your application.


Configure IIS to block anonymous access and to require Windows integrated authentication.

Make the following four changes to web.config:

  1. Specify Windows authentication:

    	<authentication mode="Windows" />
  2. Set the <identity> element to impersonate:

    	<identity impersonate="true" userName="" password="" />
  3. Configure the <authorization> element to deny access to all users:

    		<deny users="*" /> <!-- Deny all users -->
  4. Add a <location> element for each page to which you want to control access with an <allow> child element and attribute (to allow access to the page by certain roles) followed by a <deny> child element and attribute (to deny access to all users not listed in the previous roles):

    	<location path="DisplayUserInformation.aspx">
    		  <allow roles="BuiltIn\Users,
    		  <deny users="*"/>

The code we’ve implemented to illustrate this solution appears in Examples 9-11, 9-12, 9-13 through 9-14. Example 9-11 shows the Windows authentication and role settings in web.config for the sample ASP.NET page. Example 9-12 shows the Windows authentication sample .aspx file. The code-behind class for the page appears in Examples 9-13 (VB) and 9-14 (C#). Figure 9-2 shows the Windows authentication dialog box, and Figure 9-3 shows a sample page produced ...

Get ASP.NET 2.0 Cookbook, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.