About

I'm Mike Pope. I live in the Seattle area. I've been a technical writer and editor for over 35 years. I'm interested in software, language, music, movies, books, motorcycles, travel, and ... well, lots of stuff.

Read more ...

Blog Search


(Supports AND)

Feed

Subscribe to the RSS feed for this blog.

See this post for info on full versus truncated feeds.

Quote

Making it easy to do good stuff is obviously goodness; thinking about how to make it hard to do bad is actually more important.

Eric Lippert



Navigation





<December 2024>
SMTWTFS
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234

Categories

  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  

Contact Me

Email me

Blog Statistics

Dates
First entry - 6/27/2003
Most recent entry - 9/4/2024

Totals
Posts - 2655
Comments - 2677
Hits - 2,715,618

Averages
Entries/day - 0.34
Comments/entry - 1.01
Hits/day - 347

Updated every 30 minutes. Last: 2:13 PM Pacific


  10:53 AM

When I wrote about using simple membership in ASP.NET Web Pages a little while ago, commenter akshayms asked "How can I use Windows authentication"? Simple membership uses a login form and a membership database for managing a site's users. In contrast, Windows authentication just uses your existing Windows login credentials; no need to log in separately. Windows auth is useful for intranet sites, like on a corporate network.

When the question first came up, I asked around, because I hadn't played with it myself. The first answer was "Just like in 'normal' ASP.NET!", which is to say, by setting the authentication mode in the application's Web.config file to "Windows." (Documentation.) Like this:

<authentication mode="Windows" />

It turned out, tho, that this didn't entirely work. Anyway, long story short, it looks like you do this:
  • Disable simple membership.
  • Require authentication. (Duh, right? Hold that thought.)
(Windows authentication also needs to be enabled, but that's the default in ASP.NET, so you don't actually need to explicitly switch that on.)

You can do these by creating a Web.config file in the Web Pages application and adding the following to it. (Highlights for the interesting bits.)

<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="EnableSimpleMembership" value="false" />
</appSettings>

<system.web>
<compilation debug="false" targetFramework="4.0" />
<authorization>
<deny users="?"/>
</authorization>

</system.web>
</configuration>

The line deny users="?" is the bit I mentioned earlier — this denies access to anonymous users, which is to say that it requires the user to be authenticated. As shown here, this would require authentication to access anything in the site. In an intranet site, that's probably fine, since none of your users are probably anonymous.

Then in a page, you can do this:

@WebSecurity.CurrentUserName

... and/or do all the other membership stuff that's supported for Windows authentication in the base membership system. (Not just the features of simple membership.)

However, problem. If you're testing your site using IIS Express, which is the default testing server for WebMatrix, you get an "Access Denied" error. Oh, bother.

The fix to this issue is to make a change in the applicationhost.config file, which is (as you might remember) in the following folder:

C:\Users\[you]\Documents\IISExpress\config

In the config file, find the windowsAuthentication element and change its enabled attribute to true. Like this:

<windowsAuthentication enabled="true">

Restart WebMatrix if you happened to have it open whilst doing all this.

This last fix — the change to applicationhost.config — is a machine-wide setting. If you want to configure Windows authentication for IIS Express for only specific folders/apps, you can use a <location> tag, which lets you apply configuration settings to specific files and folders in your site. (Info: location Element, HOW TO: Control Authorization Permissions in an ASP.NET Application.)

The <location> tag might look like this if you wanted to use Windows authentication in IIS Express for the application named WinauthTest:

<location path="WinAuthTest">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>

One final note. In Visual Studio, it's easier to configure IIS Express to use Windows authentication on a per-project basis. Open the project, and in Solution Explorer, select the project (parent) node, then press F4 to view properties. Then just set WindowsAuthentication to true:




Credit: This issue was actually investigated and solved by Erik Porter, who is the Program Manager for Web Pages stuff. I just wrote it up. :-)

[categories]   ,

|