8.4. Using Windows Authentication


You want to use existing Windows network accounts for authenticating users of your application.


Configure IIS to block anonymous access and to require Windows integrated authentication.

Make the following changes to web.config:

  1. Specify Windows authentication:

      <authentication mode="Windows" />
  2. Set the <identity> element to impersonate:

      <identity impersonate="true" userName="" password="" />
  3. Configure the <authorization> element to deny access to all users:

          <deny users="*" /> <!-- Deny all users -->
  4. Add a <location> element for each page to which you want to control access with an <allow> child element and attribute (to allow access to the page by certain roles) followed by a <deny> child element and attribute (to deny access to all users not listed in the previous roles):

      <location path="DisplayUserInformation.aspx">
            <allow roles="BuiltIn\Users,
                                 <deny users="*"/>

In the code-behind class for the ASP.NET page, get the current user’s identity and check the user’s roles using the identity property from the current context:

  identity = CType(Context.User.Identity, WindowsIdentity)

Solution identity = (WindowsIdentity)(Context.User.Identity); ...

Get ASP.NET Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.