
Windows authentication for Intranet/Internet

I am developing an ASP.net web application for my company. Some users use this site in the internal network (Intranet) and some use the Internet site. I am using Windows Authentication mode.

I need to find a way to not prompt Windows Authentication mode for an Intranet user and prompt Windows Authentication mode for an Internet user.

How can I do this?

asked Mar 16 '09 18:03

balaweblog




2 Answers

Based on what you are describing, Windows Authentication in IIS will do the trick.

First some links:

  • TechNet has an article about Windows Authentication in IIS here
  • MSDN tells you how to use Windows Authentication with ASP.NET 2.0 applications here

However note the following:

Single sign-on (SSO) (i.e. accessing the application without providing a username and password) will occur if all the following are true:

  • The client computer and the server are part of the same Active Directory domain.
  • The user session on the client computer is a user from the AD domain.
  • The client computer has access to a domain server (i.e. the server responsible for the user login)
  • The browser is Internet Explorer.
  • The URL used points to the FQDN of the server (i.e. http://SERVERNAME.DOMAIN.NAME/ not just http://SERVERNAME/)
  • The authorized users must have read access to the application directory if you are using impersonate. The application will basically be running with their credentials. (more details in the MSDN article)

Under any other circumstances the user will be prompted for credentials (username and password) for an account within the Active Directory domain. So users accessing your web server from the Internet would get a popup asking them to provide a username and password.

Be advised that for users not using single sign-on (users being prompted for a username and password) the HTTP authentication mode will most likely be BASIC, which means that anybody who can intercept that connection will be able to see the username and password being exchanged. If you go with this technique, make sure that the connection between client and server is encrypted (HTTPS or maybe a VPN).

answered Oct 07 '22 12:10

Pierre-Luc Simard
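
The warning about Basic authentication in the answer above can be checked against what a server actually offers in its 401 responses. The following is an added example, not part of the original answer: the URLs, `WWW-Authenticate` challenges and credential are constructed, and the function names are hypothetical.

```python
import base64

# Constructed 401 responses (not captured traffic): the URL requested and the
# WWW-Authenticate challenges the server sent back.
SAMPLES = [
    ("http://intranet.example.local/", ["Negotiate", "NTLM"]),
    ("http://www.example.com/", ["Negotiate", "NTLM", 'Basic realm="example"']),
    ("https://www.example.com/", ['Basic realm="example"']),
]

def offered_schemes(challenges):
    """Return the lower-cased auth scheme names from WWW-Authenticate values."""
    return [c.split(None, 1)[0].lower() for c in challenges if c.strip()]

def audit(url, challenges):
    """Classify one 401 response: which schemes are offered, and is that safe?"""
    schemes = offered_schemes(challenges)
    encrypted = url.lower().startswith("https://")
    findings = []
    if "basic" in schemes and not encrypted:
        findings.append("basic-over-plaintext")    # password readable on the wire
    if "basic" in schemes and encrypted:
        findings.append("basic-protected-by-tls")
    if not {"negotiate", "ntlm"} & set(schemes):
        findings.append("no-integrated-auth")      # single sign-on cannot happen
    return findings

def decode_basic(authorization_header):
    """Show what an observer recovers from a Basic Authorization header."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    for url, challenges in SAMPLES:
        print(url, offered_schemes(challenges), audit(url, challenges))
    # Constructed credential: Basic is base64 encoding, not encryption.
    header = "Basic " + base64.b64encode(b"EXAMPLE\\jdoe:Passw0rd!").decode()
    print(decode_basic(header))
```

A site that returns only `Negotiate` and `NTLM` challenges produces no findings, while any `basic-over-plaintext` finding means the password crosses the network in recoverable form.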


Make sure your webserver is running on a domain and all your Intranet users have read access to the folder containing your website on the Web server.

Then, make sure you have in your web.config (assuming you want to detect which domain user is accessing your site).

Finally, open the IIS manager and right-click the website and choose "Properties". From there click the "Directory Security" tab and click "Edit" by Authentication and Access Control. Uncheck "Anonymous Access" and make sure "Integrated Windows Authentication" is checked. This should make the website behave as expected (assuming your intranet clients use IE).

answered Oct 07 '22 12:10

iZ.