I would like to be able to detect, from ASP.NET code, whether IIS currently has "Windows Authentication" "available"?
Starting from my application installed and currently running under "Anonymous Access", I want to detect:
I want this information to let the Administrator know whether he needs to take action in IIS before he actually attempts to switch it on on my application.
(Hence, for example, I think IIS7: How to define that windows authentication is turned on? does not help me, as that is looking at whether it is already on for my application; I want to know whether it is installed/can be turned on.)
My "solution" would need to work (or at least not "fail") with versions of IIS prior to 7 as well as 7 itself, so if there are differences there I need to know. Thanks.
On the taskbar, click Start, and then click Control Panel. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. Expand Internet Information Services, then World Wide Web Services, then Security. Select Windows Authentication, and then click OK.
Windows Authentication relies on the operating system to authenticate users of ASP.NET Core apps. You can use Windows Authentication when your server runs on a corporate network using Active Directory domain identities or Windows accounts to identify users.
To configure forms authentication by using the UIOpen IIS Manager and navigate to the level you want to manage. In Features View, double-click Authentication. On the Authentication page, select Forms Authentication. In the Actions pane, click Enable to use Forms authentication with the default settings.
In the IIS Manager: Expand the computer name, then Sites, then Default Web Site, then click on the name of the desired site. Select Authentication. Set Windows Authentication to Disabled and set Basic Authentication to Enabled.
My answer is based on @Paul Stovell's minimum requirements (that it only needs to work for IIS 7). When WindowsAuthentication is installed, the applicationHost.config file will have the following entry in the <globalModules>
section:
<add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll" />
Using Microsoft.Web.Administration.dll
, which can be found in %windir%\System32\inetsrv\
, one can check for the existence of the WindowsAuthenticationModule with the following code:
ConfigurationSection globalModulesConfig = config.GetSection("system.webServer/globalModules");
ConfigurationElementCollection globalModulesCollection = globalModulesConfig.GetCollection();
bool installed = globalModulesCollection.FirstOrDefault(a => a.GetAttribute("name").Value.Equals("WindowsAuthenticationModule")) != null;
Since the applicationHost.config file resides in %windir%\System32\inetsrv\config
, the application making this query requires elevated privileges.
On the default aspx page check if the user is set to a type of WindowsPrincipal. If Windows authenication is not enabled then the type will be different.
Also for windows authenication to work, the browser should be configured for the NTLM handshake.
Will add some code later!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With