Integrated Windows Authentication Implementation

by adamroof
This FAQ is meant to assist in implementing an intranet with IWA (Integrated Windows Authentication).
In IIS, open the properties of your web app, edit the Directory Security settings, uncheck Anonymous, and check only Integrated Windows Authentication.

In your app directory you need a web.config file. Set it up like so...

Code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="ConnectionString" value="server = localhost; Initial Catalog=helpdesk;integrated security=SSPI;Connect Timeout=15;Network Library=dbmssocn;"/>
    </appSettings>
    <system.web>
        <authentication mode="Windows" />
        <authorization>
            <allow roles="Domain\Domain Admins, Domain\Finance Group"/>
            <deny users="*"/>
        </authorization>
        <identity impersonate="true" />
    </system.web>
</configuration>

The identity impersonate setting allows your domain users to be authenticated transparently with their network login. You can also query that login data in your pages.

Set the connection string in your page, or read it from the appSettings section of web.config.

Code:
Dim ConnectionString As String = "server=(local);database=helpdesk;trusted_connection=true"

In SQL Enterprise Manager, create users for the database and grant them access with the rights you want them to have. There is no need to add local accounts. You can add Domain\Domain Users or Domain\AnyDomainGroup and grant them access.

And as for auditing, here's what I did... In my tables I have each user listed by network login account. For example, mine is MyDomain\aroof, but my table only lists 'aroof' for ease of entry. Then I do the following on update of a record...

Code:
'Needs <%@ Import Namespace="System.Data" %> and <%@ Import Namespace="System.Data.SqlClient" %> at the top of the page
'Global Declaration
Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
Dim strUser As String = user.Name

'Place Page_Load events here
'Click of a button
Sub quickUpdate_Click(sender As Object, e As System.EventArgs)
 'Append to Users Input their domain name as entered into tables - No need to use substring if you want entire domain credentials
 Dim upText As String = Update.Text & " - " & strUser.Substring(strUser.IndexOf("\") + 1)

 Dim myConnection As New SqlConnection(ConnectionString)
 Dim UpdateCommand As SqlCommand = New SqlCommand()
 UpdateCommand.Connection = myConnection

 'The free-text details go in as a parameter too, rather than being concatenated into the SQL text
 UpdateCommand.CommandText = "INSERT INTO tblIncHist(IncidentID, IncHistDate, IncHistDetails, IncStatus) VALUES (@IncidentID, GetDate(), @IncHistDetails, @StatusID)"

 UpdateCommand.Parameters.Add("@IncidentID", SqlDbType.Int, 4).Value = IncidentID
 UpdateCommand.Parameters.Add("@IncHistDetails", SqlDbType.VarChar).Value = upText
 UpdateCommand.Parameters.Add("@StatusID", SqlDbType.Int, 4).Value = statID

 ' execute the command
 Try
  myConnection.Open()
  UpdateCommand.ExecuteNonQuery()
 Catch ex As Exception
  Message.Text = ex.ToString()
 Finally
  myConnection.Close()
 End Try

 BindDetailGrid()
End Sub

What that does is append "- aroof" to the end of the text. The IndexOf call removes the 'domain\' prefix that IIS knows the user by because of IWA. You can write that into a separate auditing table if you'd like.
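One way to write the login to a separate auditing table, as an added example that is not the author's code: the `AuditLog` class, the `tblAudit` table and its columns are hypothetical. It stores the domain alongside the login, so accounts with the same login in different domains stay distinguishable in the audit trail.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web

Public Class AuditLog
    'Splits "MyDomain\aroof" into "MyDomain" and "aroof".
    'A name with no "\" is returned as the login with an empty domain.
    Public Shared Sub SplitLogin(ByVal fullName As String, ByRef domain As String, ByRef login As String)
        Dim pos As Integer = fullName.IndexOf("\")
        If pos < 0 Then
            domain = ""
            login = fullName
        Else
            domain = fullName.Substring(0, pos)
            login = fullName.Substring(pos + 1)
        End If
    End Sub

    'Writes one audit row for the user that IIS authenticated on this request.
    'tblAudit and its columns are hypothetical; adjust them to your schema.
    Public Shared Sub WriteEntry(ByVal connectionString As String, ByVal incidentID As Integer, ByVal details As String)
        'Under IWA this is the authenticated caller as Domain\login,
        'whether or not impersonation is switched on.
        Dim fullName As String = HttpContext.Current.User.Identity.Name
        Dim domain As String = ""
        Dim login As String = ""
        SplitLogin(fullName, domain, login)

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand( _
                "INSERT INTO tblAudit (AuditDate, UserDomain, UserLogin, IncidentID, AuditDetails) " & _
                "VALUES (GetDate(), @UserDomain, @UserLogin, @IncidentID, @AuditDetails)", conn)
                'Every value is a parameter, so user-typed text never becomes part of the SQL statement.
                cmd.Parameters.Add("@UserDomain", SqlDbType.NVarChar).Value = domain
                cmd.Parameters.Add("@UserLogin", SqlDbType.NVarChar).Value = login
                cmd.Parameters.Add("@IncidentID", SqlDbType.Int).Value = incidentID
                cmd.Parameters.Add("@AuditDetails", SqlDbType.NVarChar).Value = details
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Class
```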

To display the login info on a page, you can do this.
Code:
<%@ Page Language="VB" debug="true"%>
<script language="VB" runat="server">
Sub Page_Load(Sender As Object, E As EventArgs)
 'With IWA and impersonation on, the current Windows identity is the logged-in domain user
 Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
 Dim strUser As String = user.Name
 myLabel.Text = strUser
 'Same name with the "Domain\" prefix removed
 myLabel2.Text = strUser.Substring(strUser.IndexOf("\") + 1)
End Sub
</script>
<html>
<head>
  <title>I Know Who You Are</title>
</head>
<body>
<form runat="server">
You are:&nbsp;<asp:Label id="myLabel" runat="server" /><br>
Or also known as:&nbsp;<asp:Label id="myLabel2" runat="server" />
</form>
</body>
</html>

My tables are as such, which allows me to call them by full name...

ClientID   ClientName   ClientNetworkID
57         Adam Roof    aroof

So another example is this...

Code:
Sub Page_Load(Sender As Object, e As EventArgs)
 If strUser <> "" Then
  'Strip the "Domain\" prefix so the value matches ClientNetworkID
  strUser = strUser.Substring(strUser.IndexOf("\") + 1)
  Dim myConnection As New SqlConnection(ConnectionString)
  'The login is passed as a parameter instead of being concatenated into the SQL text
  Dim myCommand As New SqlCommand("SELECT ClientID, ClientName, ClientNetworkID FROM tblClients WHERE ClientNetworkID = @NetworkID", myConnection)
  myCommand.Parameters.Add("@NetworkID", SqlDbType.VarChar).Value = strUser
  Dim myAdapter As SqlDataAdapter = New SqlDataAdapter(myCommand)
  Dim dataset As DataSet = New DataSet()
  myAdapter.Fill(dataset)
  Try
   'Throws if no row came back for this login
   userTxt.Text = dataset.Tables(0).Rows(0).Item("ClientName").ToString()
  Catch ex As Exception
   userTxt.Text = "Your login has not been entered into our Database. Please contact the Help Desk to correctly use the features of the Intranet"
   ViewState("denied") = "True"
  Finally
   myConnection.Close()
  End Try
 End If

 If ViewState("denied") <> "" Then
  Exit Sub
 Else
  'Continue loading the rest of the page
 End If
End Sub

One final point: if you access your intranet via IE 5.5 or greater AND you use the FQDN to connect (http://myserver.mydomain.ent), IWA will still prompt you for your credentials UNLESS you add the site to your Intranet Zone in IE Internet Options. Alternatively, you can access the site WITHOUT a dot (http://myserver) and it won't prompt you. It will be transparent.