• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

Windows Authentication Help

Im having trouble setting up an application in the latest version of asp.net we use visual studio 2010.

I have two active directory groups of users that I only want to have access to this application but I DO NOT want a challenge response type prompt to show up for those who are denied.

So in IIS I have windows integrated checked.  Anonymous unchecked.  In my web.config I have what you see in the code attachment.  

In the code behind of the first page I have also attached.  Right now Im just printing the logged in name on the top of the master page.  Im sure I need to do more than this.

Any help is appreciated.



if (User.Identity.IsAuthenticated)
            {
                this.lbluser.Text = User.Identity.Name;
            }

Open in new window

<authentication mode="Windows" />
    <identity impersonate="true"/>
    <authorization>
      <allow roles="CITY.ROCH\DomesticPartners_Admins, CITY.ROCH\DomesticPartners_users" />
      <deny users="*" />
    </authorization>

Open in new window

0
rochestermn
Asked:
rochestermn
  • 11
  • 5
1 Solution
 
Alpesh PatelAssistant ConsultantCommented:
Its looking fine.
0
 
cojdevCommented:
What is the error you are receiving?
0
 
rochestermnAuthor Commented:
But I notice when I step through the code that User.Identity.IsAuthenticated is = false.

So its not authenticating me.  Not sure why.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
rochestermnAuthor Commented:
There is no error its just not working the way id like it to.  Its prompting users that have been added to the groups that im trying to allow.  On my local machine it is Not authenticating me for some reason.  Im checking the event viewer and not finding anything definitive.

In short Its denying people that it shouldnt.
0
 
rochestermnAuthor Commented:
Its letting me into the site but user.Identity.Isauthenticated is = false.
0
 
rochestermnAuthor Commented:
However maybe I need to add the following Else in page load?
if (User.Identity.IsAuthenticated)
            {
                this.lbluser.Text = User.Identity.Name;

            }
            else
            {
                Response.Redirect("AccessDenied.aspx");
            }

Open in new window

0
 
rochestermnAuthor Commented:
Ok so on my qa server what happens is I go right in but a non-authenticated user gets a prompt.

Instead I just want to send them to a page that I created that says access denied.

How do I get rid of the challenge response prompt?
0
 
cojdevCommented:
Modify the config file to give access to the aspx page.

<location path="AccessDenied.aspx">
  <system.web>
      <authorization>
             <allow users="*"/>
       </authorization>
  </system.web>
</location>
0
 
rochestermnAuthor Commented:
Here is what I have now in web.config.  Not sure its right.  Integrated Windows is being used in IIS.


<location path="Default.aspx">
    <system.web>
      <compilation debug="true" targetFramework="4.0">
        <assemblies>
          <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
          <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        </assemblies>
      </compilation>
      <customErrors mode="Off"/>
      <authentication mode="Windows" />
      <identity impersonate="true"/>
      <authorization>
        <allow roles="CITY.ROCH\DomesticPartners_Admins, CITY.ROCH\DomesticPartners_users" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="AccessDenied.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>

Open in new window

0
 
rochestermnAuthor Commented:
Attached is the error im getting
domerr.JPG
0
 
cojdevCommented:
What if you change your web.config to this. Remove the location around the initial System.web tags.


<system.web>
      <compilation debug="true" targetFramework="4.0">
        <assemblies>
          <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
          <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        </assemblies>
      </compilation>
      <customErrors mode="Off"/>
      <authentication mode="Windows" />
      <identity impersonate="true"/>
      <authorization>
        <allow roles="CITY.ROCH\DomesticPartners_Admins, CITY.ROCH\DomesticPartners_users" />
        <deny users="*" />
      </authorization>
    </system.web>
  <location path="AccessDenied.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>

Open in new window

0
 
rochestermnAuthor Commented:
That got rid of the error thank you.  But now I need to figure out how to not have the Challenge Response prompt coming up for non-authenticated users.  Instead Id rather be able to re-direct to a customer denied page.

Thanks.
0
 
cojdevCommented:
Change the AccessDenied.aspx Authorization from "?" to "*"
<location path="AccessDenied.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

Open in new window

0
 
rochestermnAuthor Commented:
The authentication is working.  It forces a challenge response prompt for non-authenticated users however I would prefer to redirect the user to a page that says access denied.  That part is not happening.

0
 
rochestermnAuthor Commented:
Here is a web.config update and a c# page load update for the initial page.


protected void Page_Load(object sender, EventArgs e)
        {
            System.Security.Principal.IPrincipal User = HttpContext.Current.User;


            if (User.Identity.IsAuthenticated)
            {
                this.lbluser.Text = User.Identity.Name;

            }
            else
            {
                Response.Redirect("AccessDenied.aspx");
            }


        }

Open in new window

<system.web>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <customErrors mode="Off"/>
    <authentication mode="Windows" />
    <identity impersonate="true"/>
    <authorization>
      <allow roles="CITY.ROCH\DomesticPartners_Admins, CITY.ROCH\DomesticPartners_users" />
      <deny users="*" />
    </authorization>
  </system.web>

  <location path="AccessDenied.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

Open in new window

0
 
cojdevCommented:
Are you able to navigage to http:\\<yourURL>\AccessDenied.aspx
0
 
rochestermnAuthor Commented:
We were able to find another solution
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 11
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now