The authentication methods offered by IIS (apart from Anonymous authentication), such as Basic, Digest, Integrated Windows authentication or its other forms (NTLM/Kerberos), or certificates, are employed in the Windows authentication mechanism. This method is very easy to implement because it requires minimal ASP.NET coding, and IIS itself validates the user's credentials. The Windows authentication method is particularly appropriate for intranet applications. Moreover, it works for all content types, not only for ASP.NET resources.

If a user requests a protected resource, IIS first authenticates the user and attaches a security token to the request. ASP.NET uses the authenticated identity's token to decide whether or not the request is granted. You can use impersonation to restrict or permit access to the protected resources. If impersonation is enabled, ASP.NET impersonates the user by means of the security token attached to the request. It then verifies whether the user is authorized to access the resources. If access is granted, ASP.NET sends the requested resources through IIS; otherwise, it sends an error message to the user.

To enable Windows authentication, configure the Web.config [15] file by setting the authentication mode to Windows and denying access to anonymous users, as follows:
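    <configuration>
      <system.web>
        <authentication mode="Windows"/>
        <authorization>
          <!-- Windows groups are matched with the roles attribute;
               the users attribute matches individual account names only. -->
          <allow roles="Domainname\GroupName"/>
          <!-- Rules are evaluated top down: everyone not allowed above,
               including anonymous users, is denied. -->
          <deny users="*"/>
        </authorization>
        <identity impersonate="true" />
      </system.web>
    </configuration>

The public instance properties defined in the WindowsIdentity class are shown in Table 9-13.

Table 9-13. Public Instance Properties Defined in the WindowsIdentity Class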
The public static (shared) methods defined in the WindowsIdentity class are shown in Table 9-14.

Table 9-14. Public Static (Shared) Methods Defined in the WindowsIdentity Class
To implement Windows authentication, set the authentication mode in the Web.config file as shown next, and disable anonymous access. Finally, configure the Windows user accounts on your Web server if they are not already present.

    <authentication mode="Windows" />
    <authorization>
      <!-- "?" matches anonymous (unauthenticated) users -->
      <deny users="?" />
    </authorization>

In Windows authentication you can retrieve information directly from the User object. That is, if a user is authenticated and authorized, your application can get information about the user through the User object's Identity property. For example, the following code produces the output shown in Figure 9-8.

    private void Page_Load(object sender, System.EventArgs e)
    {
        // User.Identity carries the identity that IIS authenticated for this request.
        AuthLabel.Text = "Authentication: " + User.Identity.IsAuthenticated.ToString();
        UserLabel.Text = "UserName: " + User.Identity.Name;
        AuthtypeLabel.Text = "AuthenticationType: " + User.Identity.AuthenticationType;
    }

Figure 9-8. Retrieving Windows authentication information (running locally).
If you run the project remotely, ASP.NET displays a dialog box in the browser to collect the username and password, as shown in Figure 9-9. If the given username and password are valid for the network domain, ASP.NET authenticates you to use the application.

Figure 9-9. Dialog box to collect username and password.
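The following code-behind is an added example, not code from the original text. It extends the Page_Load handler above by rejecting anonymous or guest tokens, checking group membership in code, and showing which account the request executes as with and without impersonation. The class name, the three label names and the Domainname\GroupName placeholder are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example. The class name, label names and group are assumptions.
public class IdentityCheckPage : Page
{
    // Hypothetical Label controls declared in the .aspx markup.
    protected Label CallerLabel;
    protected Label GroupLabel;
    protected Label ThreadLabel;

    // Placeholder group, same form as the Web.config placeholder.
    private const string RequiredGroup = @"Domainname\GroupName";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Under mode="Windows" the token attached by IIS surfaces as a
        // WindowsIdentity. Fail closed on any other type, and on the
        // anonymous or guest token.
        WindowsIdentity caller = User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated ||
            caller.IsAnonymous || caller.IsGuest)
        {
            throw new HttpException(403, "Authenticated Windows user required.");
        }

        // Group membership is evaluated against the caller's token.
        bool inGroup = new WindowsPrincipal(caller).IsInRole(RequiredGroup);

        // Account the code is executing as: the caller when
        // <identity impersonate="true" /> is set, otherwise the
        // worker-process account.
        WindowsIdentity executing = WindowsIdentity.GetCurrent();

        // Encode before display; account names are external input.
        CallerLabel.Text = Server.HtmlEncode(
            "Caller: " + caller.Name + " via " + caller.AuthenticationType);
        GroupLabel.Text = Server.HtmlEncode(
            "Member of " + RequiredGroup + ": " + inGroup);
        ThreadLabel.Text = Server.HtmlEncode(
            "Executing as: " + executing.Name);
    }
}
```

When the executing account differs from the caller, file and database access is checked against the worker-process account, so permissions granted to that account apply to every authenticated user.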