INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

ASP.NET 101

Integrated Windows Authentication Implementation by adamroof
Posted: 11 Aug 04

To assist in implementing an Intranet with IWA.
In IIS, select properties of your web app, Edit the Directory Security, uncheck Anonymous, and check only the Integrated Windows Authentication.

In your app directory, you need a web.config file
in that file set like so...

CODE

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="ConnectionString" value="server = localhost; Initial Catalog=helpdesk;integrated security=SSPI;Connect Timeout=15;Network Library=dbmssocn;"/>
    </appSettings>
    <system.web>
        <authentication mode="Windows" />
            <authorization>
                <allow roles="Domain\Domain Admins, Domain\Finance Group"/>
                <deny users="*"/>
            </authorization>
        <identity impersonate="true" />
    </system.web>
</configuration>
The Identity Impersonate will allow your domain users to be authenticated with their network login transparently. You can query that data into your pages as well.

set the connection string in your page, or call the appsettings in the web.config

CODE

Dim ConnectionString As String = "server=(local);database=helpdesk;trusted_connection=true"

In SQL Enterprise Manager, create users of the Database and grant access to the database you have with rights you want them to have. There is no need to add Local Accounts. You can add Domain\Domain Users, Domain\AnyDomainGroup, granting them access.

And as for auditing, heres what i did...in my tables i have each user listed by network login accounts, for example, mine is MyDomain\aroof, but my table only lists 'aroof' for ease of entry. Then i do the following on update of a record...

CODE

'Global Declaration
Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent
Dim strUser As String = user.name

'Place Page_Load events here
'Click of a button
Sub quickUpdate_Click(sender As Object, e As System.EventArgs)
 'Append to Users Input their domain name as entered into tables - No need to use substring if you want entire domain credentials
 Dim upText As String = Update.Text & " - " &  strUser.Substring(strUser.IndexOf("\") + 1)
                                        
 Dim myConnection As New SqlConnection(ConnectionString)
 Dim UpdateCommand As SqlCommand = new SqlCommand()
 UpdateCommand.Connection = myConnection
    
 UpdateCommand.CommandText = "INSERT INTO tblIncHist(IncidentID, IncHistDate, IncHistDetails, IncStatus) VALUES (@IncidentID, GetDate(), '" & Replace(upText, "'", "''") & "', @StatusID)"
                                       
 UpdateCommand.Parameters.Add("@IncidentID", SqlDbType.Int, 4).Value = IncidentID
 UpdateCommand.Parameters.Add("@StatusID", SqlDbType.Int, 4).Value = statID
         
 ' execute the command
 Try
  myConnection.Open()
  UpdateCommand.ExecuteNonQuery()
 Catch ex as Exception
  Message.Text = ex.ToString()
 Finally  
  myConnection.Close()
 End Try  
        
 BindDetailGrid()
End Sub

What that does is append to the text a -Aroof at the end. The indexof removes the 'domain\' that IIS knows the user as because of IWA. You can call that into a seperate Auditing table if youd like.

To Enter the login info into a textbox you can do this.

CODE

<%@ Page Language="VB" debug="true"%>
<script language="VB" runat="server">
Sub Page_Load(Sender as Object, E as EventArgs)
 Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent
 Dim strUser As String = user.name
 myLabel.Text = strUser
 myLabel2.Text = strUser.Substring(strUser.IndexOf("\") + 1)
End Sub
</script>
<html>
<head>
  <title>I Know Who You Are</title>
</head>
<body>
<form runat="server">
You are:&nbsp<asp:Label id=myLabel runat=server /><br>
Or also known as:&nbsp<asp:Label id=myLabel2 runat=server />
</form>
</html>

My Tables are as such, which allows me to call them by full name...
ClientID, ClientName, ClientNetworkID
57        Adam Roof    aroof

so another example is this...

CODE

Sub Page_Load(Sender As Object, e As EventArgs)
 If strUser <> "" Then
  strUser = strUser.Substring(strUser.IndexOf("\") + 1)
 Dim myConnection As New SqlConnection(ConnectionString)
 Dim SelectCommand As String = "SELECT ClientID, ClientName, ClientNetworkID FROM tblClients WHERE NetworkID LIKE '" & strUser & "'"
 Dim myAdapter As SqlDataAdapter = New SqlDataAdapter(myCommand)
 Dim dataset As DataSet = New DataSet()
   myAdapter.Fill(dataset)
   Try
     userTxt.Text = dataset.tables(0).rows(0).item("ClientName")
   Catch ex as Exception
     userTxt.Text = "Your login has not been entered into our Database. Please contact the Help Desk to correctly use the features of the Intranet"
     ViewState("denied") = "True"
   Finally
     myConnection.Close()               
   End Try
 End If
 
 If ViewState("denied") <> "" Then
   Exit Sub
 Else
 'Continue loading the rest of the page
 End If

One final point is that if you access your Intranet via IE5.5 or greater, AND you use the FQDN to connect (http://myserver.mydomain.ent) then IWA will still prompt you for your credential UNLESS you add the site to your Intranet Zone in IE Internet Options. OR YOU CAN access the site WITHOUT a dot (http://myserver) then it wont prompt you! It will be transparent.

Back to Microsoft: ASP.NET FAQ Index
Back to Microsoft: ASP.NET Forum

My Archive

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close