4

I have two questions concerning authentication of a intranet website and how to go about doing it.

  1. I want the first page the user comes to, to be the login page. I could have sworn there was a tag, something like [Authorize] that you put in your C# code that did this for you but I can't find it anymore. Right now the first page is my dafault.aspx. I turned on windows authentication in the web.config file and it automatically logged me in. So that is working, but I want the user to have to login as stated above. What do I have to do?
  2. I only want to allow people that are in a certain group to have access. How do I add this additional check?
Improve this question
1
  • Are the users based in Active Directory domain? Commented Dec 29, 2011 at 2:23

4 Answers 4

Reset to default
2

In your web.config file you need to add the following

<authentication mode="Forms">
  <forms loginUrl="YOUR LOGIN PAGE!!" timeout="2880" />
</authentication>

in the <system.web /> tag.

That will force the user to authenticate for that site.

The [Authorize] attribute is used to require a user be authenticated (like you had put in your question), BUT!! only for MVC applications http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx

With MVC you can also do the [RequiresAuthentication(Roles = "admin")] attribute which will give you control over which rolls have access to which endpoints.

I would seriously consider MVC

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Yeah I thought about that but I am so far into this project now that I don't have the time to switch.
@Craig: You'll find the time to make the switch when whatever hack you throw together comes crashing down. You're fortunate enough to know what the right solution to your problem is -- implement it.
I took a position about a couple of years ago where I had to convert ~4 web systems from classic ASP to ASP.NET. I did all the work, everything was great. Then came MVC and I ended up converting 3 of the systems to MVC. I also decided to take all the Data layers and implement them in WCF. I left that job ~6 months ago. Everything is still working and the new dev has emailed me a few times telling me how grateful he is that I made the switch and how easy the code was to maintain. It's worth the time if you have it!
1

Use forms authentication instead of windows authentication. Have a look on these link they provide walk throughs for using forms authentication :

http://www.asp.net/web-forms/tutorials/security/introduction/an-overview-of-forms-authentication-vb

http://www.dotnetfunda.com/articles/article141.aspx

For using active directory go through these links :

http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx

http://msdn.microsoft.com/en-us/library/ff650308.aspx

Improve this answer

5 Comments

You can use forms authentication with active directory?
@Craig - What do you mean by " active directory " ?
No, you need to use Windows Authentication for Active Directory applications.
You can always validate the users against the Active Directory with the classes of the System.DirectoryServices namespace. This way you can make a custom authentication form and look give access according to the groups.
@Craig - No, you need to use Windows Authentication.
1

Here's a guide to setting up Forms Authentication on your site: https://web.archive.org/web/20211020150650/http://www.4guysfromrolla.com/webtech/110701-1.shtml

Part 2 has the meat of the stuff.

Improve this answer

Comments

0

Thanks for all the great input. They got me going in the right direction and then the customer decided to change direction. They want to have it auto login if they are in the right group, otherwise display and error message. The Form authentication would have worked as described.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.