0

I'm trying to create a site security strategy that will allow authenticated AD users hit a site, without a login page, and deny access to users who are not authenticated. I have developed a proof-of-concept site based on http://www.christowles.com/2011/04/aspnet-forms-based-authentication-with.html but all I can make it do is authenticate against an Active Directory Membership Provider via a login page. I'd like to avoid that whole login thing. Does any one have any advice as to how I go about this?

4
Contributors
3
Replies
22
Views
4 Years
Discussion Span
Last Post by annaharris
0

Yes, I've used that example from that site myself as well.

If you want to avoid the login process all together, you dont have to integrate your intranet site with Active Directory in that manner. Since you are developing an asp.net application, the assumption here is that you are running this on an Windows Server running IIS. If you disable anonymous authentication, and enable Windows Authentication in the web site settings, you can get the user's credentials in your asp.net code. A user's browser will send the currently logged on user's credentials to the web server in the form of domain\username.

In your asp.net code, you access this information as follows:

VB example...

Dim CurrentUser as String = User.Identity.Name

If you do need additional information after you have collected the user's login credentials, you could peform a lookup in Active Directory to retrieve the user's name, email addresss, and other attributes using DirectoryEntry and DirectorySearcher objects.

Edited by JorgeM

0

I think what you are looking for is Windows authentication rather than Forms authentication.

You can set this in the web.config file as

<system.web>
    <authentication mode="Windows"/>
</system.web>

You can read some about this on MSDN - you wont need to worry about impersonation unless the website needs to access restricted resources such as server shared directories.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.