Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows based authentication - help!!!

Status
Not open for further replies.
emblewembl

emblewembl

Programmer
May 16, 2002
171
GB
I am trying to use Windows based authentication on our intranet. I have set my web.config file up but now it seems to reject all users whether they are logged in or not and I don't understand why!! My web.config file looks like this:

<?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; ?>

<configuration>
<appSettings>
<add key=&quot;connectionstring&quot; value=&quot;data source=PROJSQL;Initial Catalog=SQL_Ver2;uid=bob;pwd=2235;&quot; />
</appSettings>

<system.web>
<authentication mode=&quot;Windows&quot; />
<identity impersonate=&quot;true&quot; />

<authorization>
<deny users=&quot;?&quot; />
</authorization>
</system.web>

</configuration>

What am i doing wrong? i love chocolate
 
Sort by date Sort by votes
Try adding

<allow users=&quot;*&quot;/>

just before the <deny.../> line

This should deny any anonymous attempts (not logged in), and allow anyone logged in to access the site. In my internal site, I use <allow roles=&quot;...&quot;/>, so I can add only the people I want to have access to the NT Group.
 
Upvote 0 Downvote
Thanks for the help 'RealQuiet'... but I have now found out why I was having trouble. I'm posting it here as it held me up for a long time and I only found one small reference to it on the net!! When using an Intranet you can load your site in one of several ways as follows:

1. --> using IP address of server

2. --> using server name

If you use number 1, using the IP address, then no matter how you have set up your web.config file, you will always be prompted for the windows log in. Because there are 'dots' in the name, i.e. in the IP address, then IE will recognise it as an INTERNET site, NOT an INTRANET site. Therefore, for security purposes it asks the user to re-confirm their Windows log in details.

If you use number 2, using the server machine name to get to your site, it all works fine as IE sees it as an Intranet, and therefore 'invisibly' gets the Windows log in details and authorises you.

Hope that helps other people not struggle as much as I did!!!

:)
i love chocolate
 
Upvote 0 Downvote
I haven't experienced that issue with our Intranet site. I think it may have to do something with the Proxy setup. Seems like I had this problem when the traffic was going through the a proxy, it loses the user info. We have IE set up to bypass the proxy server for internal addresses.
 
Upvote 0 Downvote
emblewembl

I've having a similar issue with exporting to XL, (works fine for some, but some users get prompted for a network password) I'll definitely look into your proposed solution

S.

(The more ASP.NET I do, the more Javascript I find myself using)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

G12Consult
  • Locked
  • Question
Help with Json
Replies
2
Views
807
gmmastros
gmmastros
Moregelen
  • Locked
  • Question
Domain Authentication
Replies
0
Views
691
Moregelen
Moregelen
engsalah2018
  • Locked
  • Question
How to get label text from table reference on database based on TableName and FieldName
Replies
2
Views
742
jbenson001
jbenson001
G12Consult
  • Locked
  • Question
Forms authentication not working
Replies
4
Views
423
Rajkumarrrrr
Rajkumarrrrr
NoCoolHandle
  • Locked
  • Question
Integrate Facebook (social) logins with Forms authentication..
Replies
0
Views
194
NoCoolHandle
NoCoolHandle

Part and Inventory Search

Sponsor

Back
Top