Windows Authentication


The Windows authentication mechanism relies on the authentication methods offered by IIS (apart from Anonymous authentication): Basic, Digest, Integrated Windows Authentication in its forms (NTLM/Kerberos), or Certificates. This method is very easy to implement because it requires minimal ASP.NET coding, and IIS itself validates the user's credentials. The Windows authentication method is particularly appropriate for intranet applications. Moreover, it works for all content types, not only for ASP.NET resources.

If a user requests a protected resource, IIS first authenticates the user and attaches a security token to the request. ASP.NET uses the authenticated identity's token to decide whether or not the request is granted. You can use impersonation to restrict or permit access to the protected resources. If impersonation is enabled, ASP.NET impersonates the user by means of the security token attached to the request. It then verifies whether the user is authorized to access the resources. If access is granted, ASP.NET sends the requested resources through IIS; otherwise, it sends an error message to the user.

To enable Windows authentication, configure the Web.config [15] file by setting the authentication mode to Windows and denying access to anonymous users, as follows.

[15] Configuring an ASP.NET application has no effect on the IIS Directory Security settings. The systems are completely independent and are applied in sequence.

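 <configuration>
   <system.web>
     <authentication mode="Windows"/>
     <authorization>
       <!-- Windows groups are matched with roles=; users= matches account names only -->
       <allow roles="Domainname\GroupName"/>
       <!-- Rules are evaluated top to bottom; everyone not allowed above is denied -->
       <deny users="*"/>
     </authorization>
     <!-- Run request code under the authenticated caller's token -->
     <identity impersonate="true"/>
   </system.web>
 </configuration>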

The public instance properties defined in the WindowsIdentity class are shown in Table 9-13.

Table 9-13. Public Instance Properties Defined in the WindowsIdentity Class

| Public Property | Description |
|---|---|
| IsAnonymous | Gets a value indicating whether the user account is identified as an anonymous account by the system. |
| IsAuthenticated | Gets a value indicating whether the user has been authenticated by Windows. |
| IsGuest | Gets a value indicating whether the user account is identified as a Guest account by the system. |
| IsSystem | Gets a value indicating whether the user account is identified as a System account by the system. |
| Name | Gets the user's Windows log-on name. |
| Token | Gets the Windows account token for the user. |

The public static (shared) methods defined in the WindowsIdentity class are shown in Table 9-14.

Table 9-14. Public Static (Shared) Methods Defined in the WindowsIdentity Class

| Public Method | Description |
|---|---|
| GetAnonymous | Returns a WindowsIdentity object representing an anonymous Windows user. |
| GetCurrent | Returns a WindowsIdentity object representing the current Windows user. |
| Impersonate | Allows code to impersonate a different Windows user. |

To implement Windows authentication, set the authentication mode in the Web.config file as shown next, and disable anonymous access. Finally, configure the Windows user accounts on your Web server if they are not already present.

 <authentication mode="Windows" />
 <authorization>
   <deny users="?" />
 </authorization>

In Windows authentication you can retrieve information directly from the User object. That is, if a user is authenticated and authorized, then your application can get information about the user by using the User object's Identity property. For example, for the following code, the output will be as shown in Figure 9-8.

 private void Page_Load(object sender, System.EventArgs e)
 {
     AuthLabel.Text = "Authentication: " + User.Identity.IsAuthenticated.ToString();
     UserLabel.Text = "UserName: " + User.Identity.Name;
     AuthtypeLabel.Text = "AuthenticationType: " + User.Identity.AuthenticationType;
 }

Figure 9-8. Retrieving Windows authentication information (running locally).

If you run the project remotely, ASP.NET displays a dialog box in the browser to collect the username and password, as shown in Figure 9-9. If the given username and password match for the network domain, then ASP.NET authenticates you to use the application.

Figure 9-9. Dialog box to collect username and password.
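
As an added example (not code from the book), the following code-behind class reads the Table 9-13 properties for the authenticated caller and checks whether impersonation and a group-based authorization rule are actually in effect. The class name `WhoAmIPage`, the helper `WriteLine` and the group `CONTOSO\WebAppUsers` are placeholders.

```csharp
using System;
using System.Security.Principal;
using System.Web.UI;

// Added example: diagnostic page for a site using <authentication mode="Windows"/>.
// WhoAmIPage and CONTOSO\WebAppUsers are placeholder names.
public class WhoAmIPage : Page
{
    private const string RequiredGroup = @"CONTOSO\WebAppUsers"; // placeholder group

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        // Identity that IIS authenticated for this request. It is a
        // WindowsIdentity only when Windows authentication mode is active.
        WindowsIdentity caller = User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
        {
            // Fail closed: anonymous access is still permitted somewhere
            // (IIS settings or a missing <deny users="?"/> rule).
            Response.StatusCode = 403;
            WriteLine("Error", "request was not authenticated by Windows");
            return;
        }

        // Identity the code is executing as. Without <identity impersonate="true"/>
        // this is the worker-process account, not the caller.
        WindowsIdentity thread = WindowsIdentity.GetCurrent();
        bool sameAccount = string.Equals(caller.Name, thread.Name,
                                         StringComparison.OrdinalIgnoreCase);

        // Group membership is a role check on the principal, not a name match.
        bool inGroup = new WindowsPrincipal(caller).IsInRole(RequiredGroup);

        WriteLine("Caller", caller.Name);
        WriteLine("AuthenticationType", caller.AuthenticationType);
        WriteLine("IsGuest / IsSystem", caller.IsGuest + " / " + caller.IsSystem);
        WriteLine("Executing as", thread.Name);
        // Also true if the worker process itself runs under the caller's account.
        WriteLine("Executing as caller (impersonation)", sameAccount);
        WriteLine("Member of " + RequiredGroup, inGroup);
    }

    private void WriteLine(string label, object value)
    {
        // HTML-encode everything echoed back to the browser.
        Response.Write(Server.HtmlEncode(label + ": " + value) + "<br/>");
    }
}
```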



.NET Security and Cryptography
ISBN: 013100851X
EAN: 2147483647
Year: 2003
Pages: 126