Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET code to detect whether IIS "Windows Authentication" is enabled

I would like to be able to detect, from ASP.NET code, whether IIS currently has "Windows Authentication" "available"?

Starting from my application installed and currently running under "Anonymous Access", I want to detect:

  1. "Windows Authentication" component has actually been installed in IIS (e.g. some IIS7 have it not installed by default); and...
  2. "Windows Authentication" is actually "Enabled" on my virtual root/location.

I want this information to let the Administrator know whether he needs to take action in IIS before he actually attempts to switch it on on my application.

(Hence, for example, I think IIS7: How to define that windows authentication is turned on? does not help me, as that is looking at whether it is already on for my application; I want to know whether it is installed/can be turned on.)

My "solution" would need to work (or at least not "fail") with versions of IIS prior to 7 as well as 7 itself, so if there are differences there I need to know. Thanks.

like image 267
JonBrave Avatar asked Jun 27 '11 16:06

JonBrave


People also ask

How do I know if Windows Authentication is enabled in IIS?

On the taskbar, click Start, and then click Control Panel. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. Expand Internet Information Services, then World Wide Web Services, then Security. Select Windows Authentication, and then click OK.

Does ASP.NET support Windows Authentication?

Windows Authentication relies on the operating system to authenticate users of ASP.NET Core apps. You can use Windows Authentication when your server runs on a corporate network using Active Directory domain identities or Windows accounts to identify users.

How do I enable Windows form and authentication in IIS?

To configure forms authentication by using the UIOpen IIS Manager and navigate to the level you want to manage. In Features View, double-click Authentication. On the Authentication page, select Forms Authentication. In the Actions pane, click Enable to use Forms authentication with the default settings.

How do I turn off Windows Authentication in IIS?

In the IIS Manager: Expand the computer name, then Sites, then Default Web Site, then click on the name of the desired site. Select Authentication. Set Windows Authentication to Disabled and set Basic Authentication to Enabled.


2 Answers

My answer is based on @Paul Stovell's minimum requirements (that it only needs to work for IIS 7). When WindowsAuthentication is installed, the applicationHost.config file will have the following entry in the <globalModules> section:

<add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll" />

Using Microsoft.Web.Administration.dll, which can be found in %windir%\System32\inetsrv\, one can check for the existence of the WindowsAuthenticationModule with the following code:

ConfigurationSection globalModulesConfig = config.GetSection("system.webServer/globalModules");
ConfigurationElementCollection globalModulesCollection = globalModulesConfig.GetCollection();
bool installed = globalModulesCollection.FirstOrDefault(a => a.GetAttribute("name").Value.Equals("WindowsAuthenticationModule")) != null;

Since the applicationHost.config file resides in %windir%\System32\inetsrv\config, the application making this query requires elevated privileges.

like image 81
Tung Avatar answered Oct 15 '22 23:10

Tung


On the default aspx page check if the user is set to a type of WindowsPrincipal. If Windows authenication is not enabled then the type will be different.

Also for windows authenication to work, the browser should be configured for the NTLM handshake.

Will add some code later!

like image 43
ggonsalv Avatar answered Oct 15 '22 23:10

ggonsalv