Intranet Security

Discussion in 'ASP .Net Security' started by Richard, Dec 9, 2004.

  1. Richard

    Richard Guest

    I'm building an Intranet Web app to track our company's purchase orders. I
    would like to have the employees use the app without being prompted for a
    user name and pw, hoping to catch their identities from their Windows account.

    Since it's an Intranet app, I'm using Windows authentication, and denying
    anonymous access.
    Here are the web.config settings for authentication and authorization:
    <authentication mode="Windows" />
    <identity impersonate="true"/>
    <authorization>
    <deny users="?" /> <!-- Allow all users -->
    </authorization>

    In my Page_load event, I am able to get the user's identity once he logs in
    to the app, and then I pass that identity to a SQL Server db to retrieve
    other info about the employee.

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Load

    If Not Page.IsPostBack Then
    Dim wp As WindowsPrincipal
    If Page.User.Identity.IsAuthenticated AndAlso TypeOf
    User.Identity Is WindowsIdentity Then

    Try
    wp = DirectCast(Page.User, WindowsPrincipal)
    Session("FullDomainName") = wp.Identity.Name

    'Check for valid employee in SQL Server db.
    If IsValidEmployee(Session("FullDomainName"),
    Session("ConnectStringSQL")) Then
    'Welcome the user.
    lblUser.Text = "Welcome " & Session("FirstName") & " "
    & Session("LastName") & "!"

    Catch ex As Exception
    lblError.Text = ex.Message
    imbCreatePO.Visible = False
    imbTrackPO.Visible = False
    imbApprovePO.Visible = False
    End Try

    End If
    End If
    End If
    End Sub

    What am I missing that is causing the app to display the prompt for a user
    name and password? Shouldn't it recognize that the employee is already logged
    in to Windows?
     
    Richard, Dec 9, 2004
    #1
    1. Advertising

  2. Richard when are u gettting the PROMPT??
    Are u redirecting them to another page in another domain or something..
    Pls elaborate..or have u solved it..
    Patrick



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Patrick Olurotimi Ige, Dec 29, 2004
    #2
    1. Advertising

  3. Richard

    Richard Guest

    Hi Patrick, I'm getting the prompt immediately before the page displays. I'm
    not redirecting.

    "Patrick Olurotimi Ige" wrote:

    > Richard when are u gettting the PROMPT??
    > Are u redirecting them to another page in another domain or something..
    > Pls elaborate..or have u solved it..
    > Patrick
    >
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
    >
     
    Richard, Jan 3, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrick.O.Ige
    Replies:
    0
    Views:
    397
    Patrick.O.Ige
    Sep 30, 2005
  2. Patirck Ige
    Replies:
    4
    Views:
    400
    =?Utf-8?B?UGF0cmljay5PIC5JZ2U=?=
    Oct 31, 2005
  3. K Viltersten
    Replies:
    2
    Views:
    704
    K Viltersten
    Oct 6, 2008
  4. adam

    caspol & local intranet security

    adam, Jan 15, 2004, in forum: ASP .Net Security
    Replies:
    4
    Views:
    683
  5. kh

    Intranet security

    kh, Jul 9, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    186
    Joe Kaplan \(MVP - ADSI\)
    Jul 9, 2004
Loading...

Share This Page