Windows Authentication Help

Last Modified: 2012-05-11
I'm having trouble setting up an application in the latest version of ASP.NET. We use Visual Studio 2010.

I have two active directory groups of users that I only want to have access to this application but I DO NOT want a challenge response type prompt to show up for those who are denied.

So in IIS I have windows integrated checked.  Anonymous unchecked.  In my web.config I have what you see in the code attachment.  

In the code behind of the first page I have also attached.  Right now I'm just printing the logged in name on the top of the master page.  I'm sure I need to do more than this.

Any help is appreciated.



if (User.Identity.IsAuthenticated)
{
    this.lbluser.Text = User.Identity.Name;
}


<authentication mode="Windows" />
<identity impersonate="true"/>
<authorization>
  <allow roles="CITY.ROCH\DomesticPartners_Admins, CITY.ROCH\DomesticPartners_users" />
  <deny users="*" />
</authorization>



Alpesh Patel, Solution Architect at TCS (SAFe® Agilist, TOGAF® Foundation, PSM I®, MCP, MCSD)
CERTIFIED EXPERT

Commented:
It's looking fine.

Commented:
What is the error you are receiving?

Author

Commented:
But I notice when I step through the code that User.Identity.IsAuthenticated is = false.

So it's not authenticating me.  Not sure why.

Author

Commented:
There is no error, it's just not working the way I'd like it to.  It's prompting users that have been added to the groups that I'm trying to allow.  On my local machine it is not authenticating me for some reason.  I'm checking the event viewer and not finding anything definitive.

In short, it's denying people that it shouldn't.

Author

Commented:
It's letting me into the site but User.Identity.IsAuthenticated is = false.

Author

Commented:
However maybe I need to add the following Else in page load?
if (User.Identity.IsAuthenticated)
{
    this.lbluser.Text = User.Identity.Name;
}
else
{
    Response.Redirect("AccessDenied.aspx");
}


Author

Commented:
Ok so on my qa server what happens is I go right in but a non-authenticated user gets a prompt.

Instead I just want to send them to a page that I created that says access denied.

How do I get rid of the challenge response prompt?

Commented:
Modify the config file to give access to the aspx page.

<location path="AccessDenied.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

Author

Commented:
Here is what I have now in web.config.  Not sure it's right.  Integrated Windows is being used in IIS.


<location path="Default.aspx">
    <system.web>
      <compilation debug="true" targetFramework="4.0">
        <assemblies>
          <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
          <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        </assemblies>
      </compilation>
      <customErrors mode="Off"/>
      <authentication mode="Windows" />
      <identity impersonate="true"/>
      <authorization>
        <allow roles="CITY.ROCH\DomesticPartners_Admins, CITY.ROCH\DomesticPartners_users" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="AccessDenied.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>


Author

Commented:
Attached is the error I'm getting
domerr.JPG

Commented:
What if you change your web.config to this. Remove the location around the initial System.web tags.


<system.web>
      <compilation debug="true" targetFramework="4.0">
        <assemblies>
          <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
          <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        </assemblies>
      </compilation>
      <customErrors mode="Off"/>
      <authentication mode="Windows" />
      <identity impersonate="true"/>
      <authorization>
        <allow roles="CITY.ROCH\DomesticPartners_Admins, CITY.ROCH\DomesticPartners_users" />
        <deny users="*" />
      </authorization>
    </system.web>
  <location path="AccessDenied.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>


Author

Commented:
That got rid of the error, thank you.  But now I need to figure out how to not have the Challenge Response prompt coming up for non-authenticated users.  Instead I'd rather be able to re-direct to a customer denied page.

Thanks.

Commented:
Change the AccessDenied.aspx Authorization from "?" to "*"
<location path="AccessDenied.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>


Author

Commented:
The authentication is working.  It forces a challenge response prompt for non-authenticated users; however, I would prefer to redirect the user to a page that says access denied.  That part is not happening.


Commented:
Are you able to navigate to http:\\<yourURL>\AccessDenied.aspx?

Author

Commented:
We were able to find another solution
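
An added example, not code from this thread or from any participant: one commonly used way to get the behaviour asked for above, where a Windows-authenticated user who fails the `<authorization>` role check is sent to AccessDenied.aspx instead of receiving the 401 that makes the browser prompt. It assumes the `<allow users="*" />` location rule for AccessDenied.aspx posted earlier; the `Global` class name and its placement in Global.asax.cs are assumptions.

```csharp
// Global.asax.cs (added example; class name and file placement are assumptions)
using System;
using System.Web;

public class Global : HttpApplication
{
    // Page name taken from the thread's web.config <location> element.
    private const string DeniedPage = "~/AccessDenied.aspx";

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        HttpResponse response = Context.Response;
        HttpRequest request = Context.Request;

        // Leave every status other than 401 untouched.
        if (response.StatusCode != 401)
            return;

        // No identity yet: this 401 belongs to the Negotiate/NTLM handshake
        // and must reach the browser, or Windows authentication never completes.
        if (!request.IsAuthenticated)
            return;

        // Guard against a redirect loop if the denied page itself is refused,
        // e.g. when its <location> rule says users="?" instead of users="*".
        string deniedPath = VirtualPathUtility.ToAbsolute(DeniedPage);
        if (string.Equals(request.Path, deniedPath, StringComparison.OrdinalIgnoreCase))
            return;

        // Known Windows user refused by <authorization>: replace the 401
        // (which triggers the credential prompt) with a redirect.
        response.ClearContent();
        response.Redirect(deniedPath, false); // false: do not abort the thread
    }
}
```

The role check in `<authorization>` remains the access control; the handler only changes what a refused user sees.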