Forum Moderators: open
I have two servers, One is for testing and one is for production. On the test server I setup a folder in my wwwroot, and configured it in IIS -> Directory Security -> Authentication & Access Control to Basic Authentication (turning off all other options including Anonymous Access).
I then setup a page that showed the values of Page.User.Identity.Name, System.Security.Principal.WindowsIdentity.GetCurrent().Name, and System.Threading.Thread.CurrentPrincipal.Identity.Name.
On the testing server this page worked fine, and the username of the person who accessed the page would be displayed on the page via the variables.
I then moved the everything over to production, including the files and the IIS configuration. Here's where the problem popped up. Now, on production, when the user requests the page, it is spitting a "Please enter your username and password" dialog box. Once they type this in, they get in just fine...but it's annoying, and it doesn't happen on the test server.
I would very much like to avoid this dialog popping up, but I can't for the life of me find a difference between the test server and the production server which would clue me in to what the difference between the two is causing one to work fine and one to work not so fine.
Any ideas?
-Mike
You want basic authentication, but you don't want a login box?
What mechanism do you want to use to authenticate the user if it's not a username/password combo?
Users on the network must log in, on their computers [Windows 2000], to the domain using a username/password combination. This checks their credentials against Active Directory and, barring a failure, loads their desktop settings.
By disabling Anonymous Access to my web application, I should be able to see the username that that person logged into the computer they are using to access the web application.
For instance, if I logged into my computer using John.Smith and accessed a web application with Basic Authentication turned on and Anonymous Access turned off I should be able to get (without asking) "John.Smith" using .NET
As a developer I know the user names that I want to allow into my application. I put these names into a database table, I grab the user name of each request to the page and validate it against this table. If their on the guest list I let them in, if they aren't I send them away...the whole point being that I never have to ask them for anything...they already gave it to me when they logged in to their computer and bound to active directory.
This is working 100% in my test environment, but is throwing up a dialog in production and I can't figure out why.
-Mike
For instance, if I logged into my computer using John.Smith and accessed a web application with Basic Authentication turned on and Anonymous Access turned off I should be able to get (without asking) "John.Smith" using .NET
No, if you have Basic Authentication turned on, then the user will be asked for a username and password.
[faqs.org...]
If you want to authenticate based on the Windows User Name, then you need to use "Windows Authentication", not "Basic Authentication"
The application is for internal use only, and everyone who uses a computer at this company must log in to the computer (windows 2000) using a username / password combination. This validation is stored in an Active Directory.
I would like to create an authentication module for my asp.net c# web application that validates against the windows login. I would store in a database table the users who have permission to access the restricted pages, and at each page request compare the user trying to access against my list of allowed users.
If the user is on the list, it lets them in (without bothering them with a "Please enter your user name and password"). If the user is not on the list it sends them to a "You are not authorized to access" page.
I have a basic idea of the IIS configurations and .net code required to accomplish this task, but I have been running into problems and would appreciate an expert explaining how to do this.
-Mike
