Windows Authentication

Question
User1941167999 posted
Somebody please guide me.
How does Windows authentication work in an ASP.NET web application? How can a user from an organization like xyz.com access a web application?
Do we need to add an AD forest in my Windows Server? Or can I add it through C# code? Or Web.config?
Instead of adding an AD forest, do we have any other techniques to authenticate from an xyz.com domain?
Tuesday, September 29, 2020 9:36 AM
All replies
User1535942433 posted
Hi kenten,
Configure Web application for Windows authentication:
To configure your Web application for Windows authentication, follow these steps:
1. Create an ASP.NET Web Application named ASPNETWinAuth. By default, the WebForm1.aspx file appears.
2. In the HTML view of WebForm1.aspx, replace the existing code with the following sample code:
   <%=User.Identity.Name%>
3. Click Start, point to Programs, point to Administrative tools, and then click Internet Information Services.
4. The Internet Information Services MMC appears. Expand Computer, and then expand a Web site that uses Windows authentication.
5. Click the ASPNETWinAuth Web site application.
6. On the Action menu, click Properties.
7. In Properties, click the Directory Security tab.
8. Under Anonymous access and authentication control, click Edit.
9. In Authentication Methods, click to select Integrated Windows authentication. Click to clear all other check boxes. Click OK.
10. In Properties, click OK. The ASPNETWinAuth Web application is now configured to accept valid user accounts.
Configure the ASP.NET application:
In the Web.config file, locate the <authentication> tag, and then set the mode attribute to Windows, as in the following example:
<authentication mode="Windows" />
Restrict access:
In ASP.NET, you set authorization to the application by adding settings in the Web.config file. You can specify which users or groups are permitted to have access to what resources as follows:
To permit all users of an NT Group named Managers to have access to your resources, use the following code:
<configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
To permit only specific users to have access, use the following code:
<configuration>
  <system.web>
    <authorization>
      <allow users="domainname\user1,domainname\user2,domainname\user3" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
Note: You can specify multiple roles or users by using a comma-separated list. Verify that you use the correct case when you specify the configuration file element and the associated attribute values. This code is case sensitive.
For more details, you could refer to the article below:
"Instead of adding AD forest do we have any other techniques to authenticate from a xyz.com domain?"
As far as I think, you could do cross-domain authentication using shared cookies.
Best regards,
Yijing Sun
Wednesday, September 30, 2020 6:04 AM -
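The order of the rules in the answer above matters, because ASP.NET walks the `<authorization>` rules top-down and applies the first one that matches. The following is an added example, not part of the original thread and not ASP.NET's own code: a simplified Python model of that evaluation, with a small audit that flags a missing or misplaced `<deny users="*" />`. The function names, the sample configs and the account names are constructed for illustration; the model ignores the `verbs` attribute and `<location>` elements and compares names without regard to case.

```python
import xml.etree.ElementTree as ET

# Constructed samples. PAGE is the answer's Managers rule set; NO_DENY drops the
# final <deny>, and DENY_FIRST swaps the order of the two rules.
TEMPLATE = ('<configuration><system.web><authentication mode="Windows" />'
            '<authorization>{}</authorization></system.web></configuration>')
ALLOW = r'<allow roles="domainname\Managers" />'
DENY = '<deny users="*" />'
PAGE, NO_DENY, DENY_FIRST = (TEMPLATE.format(r) for r in (ALLOW + DENY, ALLOW, DENY + ALLOW))

def _split(value):
    """Comma-separated attribute -> lower-cased set (Windows names ignore case)."""
    return {v.strip().lower() for v in (value or "").split(",") if v.strip()}

def load_rules(xml_text):
    """Return (authentication mode, [(action, users, roles), ...]) in file order."""
    web = ET.fromstring(xml_text).find("system.web")
    auth = web.find("authentication")
    rules = [(el.tag, _split(el.get("users")), _split(el.get("roles")))
             for el in web.findall("authorization/*")]
    return (auth.get("mode") if auth is not None else None), rules

def is_allowed(rules, user, roles=()):
    """Model of top-down evaluation: the first matching rule decides.
    user=None stands for an anonymous request."""
    name = user.lower() if user else None
    held = {r.lower() for r in roles}
    for action, users, wanted in rules:
        if ("*" in users or ("?" in users and name is None)
                or name in users or held & wanted):
            return action == "allow"
    return True  # nothing matched: the inherited default rule allows all users

def audit(xml_text):
    """List the problems a reviewer would flag in the <authorization> block."""
    mode, rules = load_rules(xml_text)
    findings = []
    if mode != "Windows":
        findings.append("authentication mode is not Windows")
    catch_all = [i for i, (_, users, _) in enumerate(rules) if "*" in users]
    if not catch_all or rules[catch_all[0]][0] != "deny":
        findings.append("no catch-all deny: users matched by no earlier rule are allowed")
    elif catch_all[0] != len(rules) - 1:
        findings.append("rules after the catch-all deny are never reached")
    return findings
```

With the page's rule set a Managers member is admitted and everyone else is refused; without the final deny every authenticated user gets in, and with the deny listed first even Managers are locked out.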
User1941167999 posted
Hi Yij,
Thank you for your response. I really appreciate your clear explanation. However, I am missing a point here.
My Windows Server is on a Microsoft Azure VM and my company has its domain as xyz.com (e.g. email: kenten123@xyz.com).
How can the Active Directory users from the domain xyz.com interact with the cloud VM? Please explain this point.
Wednesday, September 30, 2020 8:23 AM -
User1535942433 posted
Hi kenten,
You can enable Azure AD login for Windows Server 2019 Datacenter or Windows 10 1809 and later VM images.
For more details, you could refer to the article below:
Best regards,
Yijing Sun
Wednesday, October 7, 2020 8:44 AM