Implementing Windows authentication and authorization using ASP.NET
To use the built in security of Windows and ASP.NET, implement Windows authentication and authorization on groups and users. To use Windows authentication, you must adjust settings in both Microsoft Internet Information Services (IIS) and the ASP.NET application Web.config file.
Requirements
| • | Microsoft Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server, or Windows XP Professional |
| • | Microsoft .NET Framework |
| • | Microsoft Internet Information Services (IIS) |
| • | Microsoft Visual Studio .NET |
Authentication and authorization
Windows authentication and Windows authorization are two terms that are frequently interchanged. However, they do not have the same meaning. Windows authentication permits the recipient to determine the user's identity. Windows authorization determines the resources to which a user may gain access.
Configure Web application for Windows authentication IIS.
To configure your Web application for Windows authentication, follow Configuration should be made on IIS where the website is hosted.
| 1. | Click Start, point to Programs, point to Administrative tools, and then click Internet Information Services. |
| 2. | The Internet Information Services MMC appears. Expand Computer, and then expand a Web site that uses Windows authentication. |
| 3. | Click the Website application you want to configure for windows authentication. |
| 4. | On the Action menu, click Properties. |
| 5. | In Properties, click the Directory Security tab. |
| 6. | Under Anonymous access and authentication control, click Edit. |
| 7. | In Authentication Methods, click to select Integrated Windows authentication. Click to clear all other check boxes. |
| 8. | Click OK. |
| 9. | In Properties, click OK. The Website application is now configured to accept valid user accounts. |
Configure the ASP.NET application
After you configure the IIS Web site for Integrated Windows Authentication, you must configure the ASP.NET application to recognize authenticated users. To do this, you must change the Web.config file. In the Web.config file, locate the
Because Integrated Windows Authentication uses the current Windows user information on the client computer for the authentication; it does not immediately prompt the user for a user name and password. However, if the authentication exchange cannot identify the user, a dialog box appears that prompts the user for a Windows user account user name and password.
Your user name appears in the following format: Domain Name\User Name
Restrict access
In ASP.NET, you set authorization to the application by adding settings in the Web.config file. You can specify which users or groups are permitted to have access to what resources as follows:
To permit all users of an NT Group named Managers to have access to your resources, use the following code:
To permit only specific users to have access, use the following code:
To use the built in security of Windows and ASP.NET, implement Windows authentication and authorization on groups and users. To use Windows authentication, you must adjust settings in both Microsoft Internet Information Services (IIS) and the ASP.NET application Web.config file.
No comments:
Post a Comment