I am developing an ASP.net web application for my company. Some users use this site in the internal network (Intranet) and some use the Internet site. I am using Windows Authentication mode.
I need to find a way to not prompt Windows Authentication mode for an Intranet user and prompt Windows Authentication mode for an Internet user.
How can I do this?
a) To create a web api project in windows authentication mode, follow below steps: After choosing ASP.Net Web Application, select Web API template and from the right side click Change Authentication button and select Windows Authentication.
On the taskbar, click Start, and then click Control Panel. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. Expand Internet Information Services, then World Wide Web Services, then Security. Select Windows Authentication, and then click OK.
The Windows operating system implements a default set of authentication protocols, including Kerberos, NTLM, Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Digest, as part of an extensible architecture.
Windows-based authentication is manipulated between the Windows server and the client machine. The ASP.NET applications reside in Internet Information Server (IIS). Any user's web request goes directly to the IIS server and it provides the authentication process in a Windows-based authentication model.
Based on what your are describing, Windows Authentication in IIS will do the trick.
First some links:
However note the following:
Single sign-on (SSO) (i.e. accessing the application without providing a username and password) will occur if all the following are true:
Under any other circumstances the user will be prompted for credential (username and password) for an account within the Active Directory Domain. So user accessing your webserver from the internet would get a popup asking them to provide a username and password.
Be advised that for user not using single signon (user being prompted for username and password) the HTTP authentication mode will most likely be BASIC which mean that anybody that can intercept that connection will be able to see the username and password being exchanged. If you go with this technique make that the connection between client and server is encrypted (HTTPS or maybe a VPN).
Make sure your webserver is running on a domain and all your Intranet users have read access to the folder containing your website on the Web server.
Then, make sure you have in your web.config (assuming you want to detect which domain user is accessing your site.
Finally, open the IIS manager and right-click the website and choose "Properties". From there click the "Directory Security" tab and click "Edit" by Authentication and Access Control. Uncheck "Anonymous Access" and make sure "Integrated Windows Authentication" is checked. This should make the website behave as expected (assuming your intranet clients use IE)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With