locked
Windows authentication with ASP.NET Web Pages/WebMatrix RRS feed

  • Question

  • User1526116210 posted

    I would like to create a site using windows authentication because this site will be acting as an intranet site and it would be more convenient for the different user groups if authentication is handled by logging on to windows. I have a few questions about implementing windows authentication.

    1. What is the razor syntax to check the user group that the user is logged in as?
    2. Will this affect other sites hosted on the same server?
    3. Does anyone have experience in using windows authentication?
    4. Is there a better option for convenience?
    Monday, August 5, 2013 5:17 AM

Answers

  • User-821857111 posted

    You can get the name of the currently logged in user from WebSecurity.CurrentUserName just as if you were using Forms Authentication.

    The method of authentication that you choose is set on a site-by-site basis.

    Here's an article that shows how to implement Windows Authentication in Web Pages: http://mikepope.com/blog/AddComment.aspx?blogid=2298

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, August 5, 2013 8:46 AM
  • User-821857111 posted

    You enable roles in the web.config and specify the WindowsTokenRoleProvider as role provider. Here's a sample web.cofig:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <appSettings>
            <add key="EnableSimpleMembership" value="false" />
        </appSettings>
    
        <system.web>
            <compilation debug="true" targetFramework="4.0" />
            <authentication mode="Windows" />
            <roleManager enabled="true" defaultProvider="WindowsProvider">
                <providers>
                    <clear />
                    <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
                </providers>
            </roleManager>
        </system.web>
    </configuration>

    Then you can use Roles:

    if(Roles.IsUserInRole(WebSecurity.CurrentUserName, @"MyDomain\Students")){
        //they are a student
    }
    if(Roles.IsUserInRole(WebSecurity.CurrentUserName, @"MyDomain\Administrators")){
        //they are an administrator
    }
    //etc



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 6, 2013 1:54 AM

All replies

  • User-821857111 posted

    You can get the name of the currently logged in user from WebSecurity.CurrentUserName just as if you were using Forms Authentication.

    The method of authentication that you choose is set on a site-by-site basis.

    Here's an article that shows how to implement Windows Authentication in Web Pages: http://mikepope.com/blog/AddComment.aspx?blogid=2298

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, August 5, 2013 8:46 AM
  • User1526116210 posted

    Thank you but how can I check if the user is logged in as an administrator and how to check what user group they are logged in as?

    The situation is that I would like different access for students, teachers and administrators and there are different user groups for each of these.

    Monday, August 5, 2013 9:57 PM
  • User-821857111 posted

    You enable roles in the web.config and specify the WindowsTokenRoleProvider as role provider. Here's a sample web.cofig:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <appSettings>
            <add key="EnableSimpleMembership" value="false" />
        </appSettings>
    
        <system.web>
            <compilation debug="true" targetFramework="4.0" />
            <authentication mode="Windows" />
            <roleManager enabled="true" defaultProvider="WindowsProvider">
                <providers>
                    <clear />
                    <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
                </providers>
            </roleManager>
        </system.web>
    </configuration>

    Then you can use Roles:

    if(Roles.IsUserInRole(WebSecurity.CurrentUserName, @"MyDomain\Students")){
        //they are a student
    }
    if(Roles.IsUserInRole(WebSecurity.CurrentUserName, @"MyDomain\Administrators")){
        //they are an administrator
    }
    //etc



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 6, 2013 1:54 AM
  • User1526116210 posted

    Thank you very much

    Tuesday, August 6, 2013 2:58 AM
  • User1526116210 posted

    Have I done something wrong because @WebSecurity.CurrentUserName doesn't render anything? I have set Windows Authentication to enabled in Visual Studio and my web.config file looks as follows

    <?xml version="1.0" encoding="utf-8"?>
    
    <configuration>
        <appSettings>
            <add key="EnableSimpleMembership" value="false" />
        </appSettings>
        <system.web>
            <compilation debug="true" targetFramework="4.0" />
      	    <authentication mode="Windows" />
                <roleManager enabled="true" defaultProvider="WindowsProvider">
                    <providers>
                        <clear />
                        <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
                    </providers>
                </roleManager>
        </system.web>
        <system.data>
            <DbProviderFactories>
                <remove invariant="System.Data.SqlServerCe.4.0" />
                <add invariant="System.Data.SqlServerCe.4.0" name="Microsoft® SQL Server® Compact 4.0" description=".NET Framework Data Provider for Microsoft SQL Server Compact" type="System.Data.SqlServerCe.SqlCeProviderFactory, System.Data.SqlServerCe, Version=4.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
            </DbProviderFactories>
        </system.data>
    </configuration>



    Tuesday, August 6, 2013 5:37 AM
  • User-821857111 posted

    I have set Windows Authentication to enabled in Visual Studio

    Have you also set Anonymous Authentication to Disabled?

    Tuesday, August 6, 2013 5:49 AM
  • User1526116210 posted

    Yeah I read that somewhere else and tried it. It worked so thank you anyway.

    Tuesday, August 6, 2013 5:51 AM