locked
How to check if logged in user can access another internal site in asp.net RRS feed

  • Question

  • User-1398387141 posted

    Hi Team,

    i wanted to check if logged in user (Windows users) have access to a particular site from another site (both are intranet).

    i am using below code i am using in my application, but it always throwing exception 403 forbidden error. i can access the site that i am trying from browser.

    var request = (HttpWebRequest)WebRequest.Create("My Application url here");
    request.UseDefaultCredentials = true;
    request.Proxy.Credentials = CredentialCache.DefaultCredentials;
    using (HttpWebResponse response = request.GetResponse() as HttpWebResponse) // here 403 forbidden exception throwing.
    {
    int statusCode = (int)response.StatusCode;
    }

    any help on this would be appreciated highly.

    Tuesday, May 26, 2020 10:02 AM

All replies

  • User475983607 posted

    i wanted to check if logged in user (Windows users) have access to a particular site from another site (both are intranet).

    Grant and Deny configuration is found in the web.config. 

    https://support.microsoft.com/en-us/help/323176/how-to-implement-windows-authentication-and-authorization-in-asp-net

    The web application root folder properties will show what users and groups have access to the application.

    https://www.avoiderrors.com/how-to-set-folder-sharing-permission-on-windows-10/

    Contact your security admin Ii you need further assistance.

    Tuesday, May 26, 2020 10:28 AM
  • User-1398387141 posted

    Thanks for checking this. my requirement is

    Check if user have access to another intranet site (Site-A) from my application (Site-B). (both these uses windows login)

    i dont have control on Site-A.

    Tuesday, May 26, 2020 12:43 PM
  • User475983607 posted

    Thanks for checking this. my requirement is

    Check if user have access to another intranet site (Site-A) from my application (Site-B). (both these uses windows login)

    i dont have control on Site-A.

    You misunderstand.  Windows user are granted or denied access to a web site.  Again, the web.config or application folder properties shows which users have access to a web application.  Simply redirect the user to Site-A.  If the user has access to Site -A then the user can view the site.   Otherwise, the user will see a access denied. 

    Your application (Site-B) runs under the application pool identity.  When Site-B tries to make an HTTP request, the request is running as Site-B's application pool identity not the Windows user.

    At this point it's not real clear what problem you are trying to solve.  Is Site-A a REST service?   Most likely the key is contacting the owners of Site-A and asking for assistance.

    Tuesday, May 26, 2020 1:02 PM