To assist in implementing an intranet with Integrated Windows Authentication (IWA):
In IIS, open the properties of your web app, edit the Directory Security settings, uncheck Anonymous, and check only Integrated Windows Authentication.
In your app directory, you need a web.config file.
In that file, set it up like so...
Code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="ConnectionString" value="server = localhost; Initial Catalog=helpdesk;integrated security=SSPI;Connect Timeout=15;Network Library=dbmssocn;"/>
  </appSettings>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow roles="Domain\Domain Admins, Domain\Finance Group"/>
      <deny users="*"/>
    </authorization>
    <identity impersonate="true" />
  </system.web>
</configuration>
The identity impersonate setting will allow your domain users to be authenticated with their network login transparently. You can also query that data in your pages.
Set the connection string in your page, or read it from the appSettings in the web.config.
Code:
Dim ConnectionString As String = "server=(local);database=helpdesk;trusted_connection=true"
In SQL Enterprise Manager, create users for the database and grant them access with the rights you want them to have. There is no need to add local accounts. You can add Domain\Domain Users or Domain\AnyDomainGroup and grant them access.
And as for auditing, here's what I did... In my tables I have each user listed by network login account; for example, mine is MyDomain\aroof, but my table only lists 'aroof' for ease of entry. Then I do the following on update of a record...
Code:
'Requires the System.Data and System.Data.SqlClient namespaces
'Global Declaration
Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
Dim strUser As String = user.Name
'Place Page_Load events here
'Click of a button
Sub quickUpdate_Click(sender As Object, e As System.EventArgs)
    'Append to Users Input their domain name as entered into tables - No need to use substring if you want entire domain credentials
    Dim upText As String = Update.Text & " - " & strUser.Substring(strUser.IndexOf("\") + 1)
    Dim myConnection As New SqlConnection(ConnectionString)
    Dim UpdateCommand As SqlCommand = New SqlCommand()
    UpdateCommand.Connection = myConnection
    'The details text is passed as a parameter like the other values, so quotes in the user's input need no escaping
    UpdateCommand.CommandText = "INSERT INTO tblIncHist(IncidentID, IncHistDate, IncHistDetails, IncStatus) VALUES (@IncidentID, GetDate(), @Details, @StatusID)"
    UpdateCommand.Parameters.Add("@IncidentID", SqlDbType.Int, 4).Value = IncidentID
    'Assumes IncHistDetails is a character column
    UpdateCommand.Parameters.Add("@Details", SqlDbType.NVarChar).Value = upText
    UpdateCommand.Parameters.Add("@StatusID", SqlDbType.Int, 4).Value = statID
    ' execute the command
    Try
        myConnection.Open()
        UpdateCommand.ExecuteNonQuery()
    Catch ex As Exception
        Message.Text = ex.ToString()
    Finally
        myConnection.Close()
    End Try
    BindDetailGrid()
End Sub
What that does is append a '- aroof' to the end of the text. The IndexOf call removes the 'domain\' prefix that IIS knows the user by because of IWA. You can write that into a separate auditing table if you'd like.
To enter the login info into a textbox you can do this.
Code:
<%@ Page Language="VB" debug="true"%>
<script language="VB" runat="server">
Sub Page_Load(Sender As Object, E As EventArgs)
    'With impersonation on, GetCurrent returns the authenticated domain user
    Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
    Dim strUser As String = user.Name
    myLabel.Text = strUser
    'Strip the 'domain\' prefix
    myLabel2.Text = strUser.Substring(strUser.IndexOf("\") + 1)
End Sub
</script>
<html>
<head>
<title>I Know Who You Are</title>
</head>
<body>
<form runat="server">
You are: <asp:Label id="myLabel" runat="server" /><br>
Or also known as: <asp:Label id="myLabel2" runat="server" />
</form>
</body>
</html>
My tables are as such, which allows me to call them by full name...
ClientID   ClientName   ClientNetworkID
57         Adam Roof    aroof
So another example is this...
Code:
Sub Page_Load(Sender As Object, e As EventArgs)
    'strUser is the global declared earlier (user.Name)
    If strUser <> "" Then
        'Strip the 'domain\' prefix
        strUser = strUser.Substring(strUser.IndexOf("\") + 1)
        Dim myConnection As New SqlConnection(ConnectionString)
        'The login is passed as a parameter and matched exactly against ClientNetworkID;
        'LIKE would treat _ and % in a login name as wildcards
        Dim myCommand As New SqlCommand("SELECT ClientID, ClientName, ClientNetworkID FROM tblClients WHERE ClientNetworkID = @NetworkID", myConnection)
        myCommand.Parameters.Add("@NetworkID", SqlDbType.NVarChar).Value = strUser
        Dim myAdapter As SqlDataAdapter = New SqlDataAdapter(myCommand)
        Dim dataset As DataSet = New DataSet()
        myAdapter.Fill(dataset)
        Try
            'Throws if no row matched the login
            userTxt.Text = dataset.Tables(0).Rows(0).Item("ClientName")
        Catch ex As Exception
            userTxt.Text = "Your login has not been entered into our Database. Please contact the Help Desk to correctly use the features of the Intranet"
            ViewState("denied") = "True"
        Finally
            myConnection.Close()
        End Try
    End If
    If ViewState("denied") <> "" Then
        Exit Sub
    Else
        'Continue loading the rest of the page
    End If
End Sub
One final point: if you access your intranet via IE 5.5 or greater AND you use the FQDN to connect (http://myserver.mydomain.ent), then IWA will still prompt you for your credentials UNLESS you add the site to your Intranet zone in IE Internet Options. OR you can access the site WITHOUT a dot (http://myserver) and then it won't prompt you! It will be transparent.
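The auditing step described above, written to a separate audit table with every value passed as a parameter. This is an added example, not code from the original post; tblAudit, its columns and the helper names ShortLoginName and BuildAuditInsert are hypothetical, and the sample account names are constructed.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module AuditExample

    ' Returns the account part of "DOMAIN\user" or "user@domain"; a bare
    ' name is returned unchanged. An empty name is rejected, not audited.
    Function ShortLoginName(accountName As String) As String
        If String.IsNullOrEmpty(accountName) Then
            Throw New ArgumentException("No authenticated account name")
        End If
        Dim name As String = accountName.Trim()
        Dim slash As Integer = name.LastIndexOf("\"c)
        If slash >= 0 Then name = name.Substring(slash + 1)
        Dim at As Integer = name.IndexOf("@"c)
        If at > 0 Then name = name.Substring(0, at)
        If name.Length = 0 Then
            Throw New ArgumentException("Empty login in '" & accountName & "'")
        End If
        Return name
    End Function

    ' Builds the audit INSERT. The free-text details and the login travel as
    ' parameters, so quotes in either need no escaping.
    ' tblAudit and its columns are hypothetical names.
    Function BuildAuditInsert(incidentId As Integer, details As String, accountName As String) As SqlCommand
        Dim cmd As New SqlCommand( _
            "INSERT INTO tblAudit (IncidentID, AuditDate, AuditDetails, AuditLogin) " & _
            "VALUES (@IncidentID, GetDate(), @Details, @Login)")
        cmd.Parameters.Add("@IncidentID", SqlDbType.Int).Value = incidentId
        cmd.Parameters.Add("@Details", SqlDbType.NVarChar, 4000).Value = details
        cmd.Parameters.Add("@Login", SqlDbType.NVarChar, 64).Value = ShortLoginName(accountName)
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample account names: DOMAIN\user, UPN-style and bare.
        For Each sample As String In New String() {"MyDomain\aroof", "aroof@mydomain.ent", "aroof"}
            Dim cmd As SqlCommand = BuildAuditInsert(57, "User's note", sample)
            Console.WriteLine("{0} -> {1}", sample, cmd.Parameters("@Login").Value)
        Next
    End Sub

End Module
```

In a page, assign an open SqlConnection to the returned command's Connection property and call ExecuteNonQuery inside the same Try/Finally pattern used in quickUpdate_Click.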