Windows Authentication

[admdev]

Hi all,

I am designing an ASP.NET application, which uses the login control. What I am doing is getting the current windows user and if it exists in a backend database table (cross-reference), I am automatically letting the user in. I am facing two issues.

1). When I publish the web site, I keep getting the username and password prompt.

2). There could be an instance where a sneaky user might skip the logging page, by going directly into the main page. For example, default.aspx instead of the login.aspx. I want to prevent this.

Any help would be appreciated.

Thanks in advance.

[eclipsed4utoo]

I actually did something real similar to this. I had to do a "hybrid" authentication system where I needed to determine if the active directory account was in a database table. If it was, authenticate the user, if not, then send to a Forms Authentication page.

http://www.codeguru.com/forum/showthread.php?t=462169

1. That will happen if the windows user is not on the same domain.
2. This would be done in the web.config file. I have an example of it in my thread above.

[admdev]

eclipsed4utoo,

Thanks for your reply! As a matter of fact, I used your post before to get it working. However, when I open the application in IE, I keep getting the Windows login prompt. It does not happen in the development environment.

Also, do you have any idea on how to prevent a user from skipping the login screen. You know, they might be tempted to go directly into the defaul.aspx (or the page after the user is authenticated). In other words, if the user tries to go into a page within the application, they will be taken to the login page before the can see any other pages.

Thanks.

[eclipsed4utoo]

the web.config file will stop users from doing that. The 'deny' users part will deny any unauthenticated users from going to any pages. If they try, they will be redirected the the page that is specified by the "LoginURL" attribute. And since you are probably not storing the credentials, once the session is over, the user is no longer authenticated.

as for the prompt, did you make the IIS configuration changes to only use Windows Authetication? If you did, and you are still seeing the prompt, it means that the authentication failed for the domain that the server is on.