locked
Is it possible to configure the website for Windows Authentication and for other accounts? RRS feed

  • Question

  • User-786564416 posted

    What are the statements needed to write on the Web.config file, so the website become capable to:

    - Allow the Windows Authentication, so we can detect the current Windows user by the statement:

    Dim ThisUser As System.Security.Principal.IPrincipal
    ThisUser = System.Web.HttpContext.Current.User

    - Allow the Application based account "administrator". This account is not windows account. I have a code written to deal with the "administrator" account, which checks username and password in the application database.

    I am trying to write the following statements in the web.config but error is given

    <system.web>
    <authentication mode="Windows|Forms|Passport|None">
    </authentication>
    </system.web>

    How can I write it if it is best configuration that meets my above requirements?

    Monday, October 2, 2017 8:38 PM

All replies

  • User-786564416 posted

    Thanks Mr. Ryan. However, it is a long article and I haven't understand the details.

    Just please help me how can I enable both, the Windows authentication so I can detect the login user, and the Anonymous user, so I can allow the application created account "administrator".

    Monday, October 2, 2017 9:24 PM
  • User-1838255255 posted

    Hi alihusain_77,

    According to your description, as far as i know, windows authentication can not validate non windows user, so I suggest you could use forms authentication, please check the

    following tutorials: 

    How to: Implement Simple Forms Authentication: 

    https://msdn.microsoft.com/en-us/library/xdt4thhy.aspx?f=255&MSPPError=-2147217396 

    Forms Authentication In ASP.NET: 

    http://www.c-sharpcorner.com/UploadFile/fa9d0d/forms-authentication-in-Asp-Net/ 

    Best Regards,

    Eric Du 

    Tuesday, October 3, 2017 8:26 AM
  • User2053451246 posted

    Thanks Mr. Ryan. However, it is a long article and I haven't understand the details.
    You are going to need to understand the details.  What you want to do is not an easy task.

    Tuesday, October 3, 2017 6:44 PM
  • User475983607 posted

    Just please help me how can I enable both, the Windows authentication so I can detect the login user, and the Anonymous user, so I can allow the application created account "administrator".

    It's not possible to have both anonymous and Windows authentication enabled because anonymous will always win.

    Tuesday, October 3, 2017 6:59 PM
  • User-786564416 posted

    If I enable both: Windows Authentication and Anonymous, If the website started by a user who just logon into the desktop after submitting Windows credentials, will I be able to detect his username by using the following statement:

     Dim ThisUser As System.Security.Principal.IPrincipal
     ThisUser = System.Web.HttpContext.Current.User
    usernametxtbox = ThisUser

    Will this work with me?

    Tuesday, October 3, 2017 10:34 PM
  • User475983607 posted

    Let me say this another way.  You physically can enable anonymous authentication and Windows authentication for a site in IIS.  The result will be Windows authentication is never used because anonymous wins.  There is no rule where IIS tries Windows authentication first then fall back to anonymous.  Authentication works as written in the specification.

    If I enable both: Windows Authentication and Anonymous, If the website started by a user who just logon into the desktop after submitting Windows credentials, will I be able to detect his username by using the following statement:

     Dim ThisUser As System.Security.Principal.IPrincipal
     ThisUser = System.Web.HttpContext.Current.User
     usernametxtbox = ThisUser

    Will this work with me?

    The code will work but the results are probably not what to expect.  I think you are going for...

    System.Web.HttpContext.Current.User.Identity.Name;

    Regardless, enabling both Windows and anonymous authentication on a single app will not produce expected results.

    Tuesday, October 3, 2017 11:39 PM