special authentication

Discussion in 'ASP .Net Security' started by Peter Kornills, Feb 22, 2005.

  1. Hi!

    My problem is quiet simple, but a solution seems to be difficult(for
    me):
    I've a group of users for my asp.net webapplication. In case of a
    login the User should be authenticated automaticly (this means the
    application should verify if he's allowed to use it).

    I want to get the windows username from the client and look up in an
    oracle database weather the user is allowed to act with the webapp. If
    he isn't the Application will redirect to an error-message.

    But it seems to be hard to get the windows-user.

    I've tried to set the authentication form on "Windows" in the
    Web.config-file

    In the code behind I try to get the following value:

    name = Page.User.Identity.Name

    but that doesn't work.
    Does any body have an idea to solve this problem?

    Regards

    Peter
    Peter Kornills, Feb 22, 2005
    #1
    1. Advertising

  2. If you want to use Windows authentication in ASP.NET, you need to disable
    anonymous access in IIS and enable IWA, Digest or Basic. Have you done
    that?

    Once you do, Page,User.Identity.Name should return the current Windows user
    and you can use all of the built in mechanisms for authorization that you
    want or roll your own.

    Joe K.

    "Peter Kornills" <> wrote in message
    news:...
    > Hi!
    >
    > My problem is quiet simple, but a solution seems to be difficult(for
    > me):
    > I've a group of users for my asp.net webapplication. In case of a
    > login the User should be authenticated automaticly (this means the
    > application should verify if he's allowed to use it).
    >
    > I want to get the windows username from the client and look up in an
    > oracle database weather the user is allowed to act with the webapp. If
    > he isn't the Application will redirect to an error-message.
    >
    > But it seems to be hard to get the windows-user.
    >
    > I've tried to set the authentication form on "Windows" in the
    > Web.config-file
    >
    > In the code behind I try to get the following value:
    >
    > name = Page.User.Identity.Name
    >
    > but that doesn't work.
    > Does any body have an idea to solve this problem?
    >
    > Regards
    >
    > Peter
    Joe Kaplan \(MVP - ADSI\), Feb 22, 2005
    #2
    1. Advertising

  3. Peter Kornills

    Paul Clement Guest

    On 22 Feb 2005 06:41:44 -0800, (Peter Kornills) wrote:

    ¤ Hi!
    ¤
    ¤ My problem is quiet simple, but a solution seems to be difficult(for
    ¤ me):
    ¤ I've a group of users for my asp.net webapplication. In case of a
    ¤ login the User should be authenticated automaticly (this means the
    ¤ application should verify if he's allowed to use it).
    ¤
    ¤ I want to get the windows username from the client and look up in an
    ¤ oracle database weather the user is allowed to act with the webapp. If
    ¤ he isn't the Application will redirect to an error-message.
    ¤
    ¤ But it seems to be hard to get the windows-user.
    ¤
    ¤ I've tried to set the authentication form on "Windows" in the
    ¤ Web.config-file
    ¤
    ¤ In the code behind I try to get the following value:
    ¤
    ¤ name = Page.User.Identity.Name
    ¤
    ¤ but that doesn't work.
    ¤ Does any body have an idea to solve this problem?
    ¤
    ¤ Regards
    ¤
    ¤ Peter

    In addition to what Joe mentioned you also need to enable impersonation.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconimpersonation.asp


    Paul ~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Feb 22, 2005
    #3
  4. "Paul Clement" <> wrote in message
    news:...
    > On 22 Feb 2005 06:41:44 -0800, (Peter Kornills)
    > wrote:
    >
    > ¤ Hi!
    > ¤
    > ¤ My problem is quiet simple, but a solution seems to be difficult(for
    > ¤ me):
    > ¤ I've a group of users for my asp.net webapplication. In case of a
    > ¤ login the User should be authenticated automaticly (this means the
    > ¤ application should verify if he's allowed to use it).
    > ¤
    > ¤ I want to get the windows username from the client and look up in an
    > ¤ oracle database weather the user is allowed to act with the webapp. If
    > ¤ he isn't the Application will redirect to an error-message.
    > ¤
    > ¤ But it seems to be hard to get the windows-user.
    > ¤
    > ¤ I've tried to set the authentication form on "Windows" in the
    > ¤ Web.config-file
    > ¤
    > ¤ In the code behind I try to get the following value:
    > ¤
    > ¤ name = Page.User.Identity.Name
    > ¤
    > ¤ but that doesn't work.
    > ¤ Does any body have an idea to solve this problem?
    > ¤
    > ¤ Regards
    > ¤
    > ¤ Peter
    >
    > In addition to what Joe mentioned you also need to enable impersonation.
    >
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconimpersonation.asp
    >
    >
    > Paul ~~~
    > Microsoft MVP (Visual Basic)


    Why?

    All he wants to do is check to see who the authenticated user is.
    Context.User.Identity.Name (or Page.User.Identity.Name) will be the
    authenticated use regardless of what the setting for impersonation is.
    Impersonation is only needed if he needs to execute code as the
    authenticated user.

    Joe K.
    Joe Kaplan \(MVP - ADSI\), Feb 22, 2005
    #4
  5. Peter Kornills

    Paul Clement Guest

    On Tue, 22 Feb 2005 13:31:46 -0600, "Joe Kaplan \(MVP - ADSI\)"
    <> wrote:

    ¤
    ¤ "Paul Clement" <> wrote in message
    ¤ news:...
    ¤ > On 22 Feb 2005 06:41:44 -0800, (Peter Kornills)
    ¤ > wrote:
    ¤ >
    ¤ > ¤ Hi!
    ¤ > ¤
    ¤ > ¤ My problem is quiet simple, but a solution seems to be difficult(for
    ¤ > ¤ me):
    ¤ > ¤ I've a group of users for my asp.net webapplication. In case of a
    ¤ > ¤ login the User should be authenticated automaticly (this means the
    ¤ > ¤ application should verify if he's allowed to use it).
    ¤ > ¤
    ¤ > ¤ I want to get the windows username from the client and look up in an
    ¤ > ¤ oracle database weather the user is allowed to act with the webapp. If
    ¤ > ¤ he isn't the Application will redirect to an error-message.
    ¤ > ¤
    ¤ > ¤ But it seems to be hard to get the windows-user.
    ¤ > ¤
    ¤ > ¤ I've tried to set the authentication form on "Windows" in the
    ¤ > ¤ Web.config-file
    ¤ > ¤
    ¤ > ¤ In the code behind I try to get the following value:
    ¤ > ¤
    ¤ > ¤ name = Page.User.Identity.Name
    ¤ > ¤
    ¤ > ¤ but that doesn't work.
    ¤ > ¤ Does any body have an idea to solve this problem?
    ¤ > ¤
    ¤ > ¤ Regards
    ¤ > ¤
    ¤ > ¤ Peter
    ¤ >
    ¤ > In addition to what Joe mentioned you also need to enable impersonation.
    ¤ >
    ¤ > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconimpersonation.asp
    ¤ >
    ¤ >
    ¤ > Paul ~~~
    ¤ > Microsoft MVP (Visual Basic)
    ¤
    ¤ Why?
    ¤
    ¤ All he wants to do is check to see who the authenticated user is.
    ¤ Context.User.Identity.Name (or Page.User.Identity.Name) will be the
    ¤ authenticated use regardless of what the setting for impersonation is.
    ¤ Impersonation is only needed if he needs to execute code as the
    ¤ authenticated user.
    ¤
    ¤ Joe K.
    ¤

    Yes, Joe, you're correct. I misread his post and thought he was using integrated security with
    Oracle.


    Paul ~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Feb 23, 2005
    #5
  6. It works!

    thanks for your help Paul and Joe

    Regards Peter
    Peter Kornills, Mar 1, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Connell
    Replies:
    1
    Views:
    533
    Natty Gur
    Oct 21, 2003
  2. raj mandadi
    Replies:
    0
    Views:
    414
    raj mandadi
    Dec 22, 2003
  3. Brett Porter
    Replies:
    2
    Views:
    742
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  4. Mark
    Replies:
    0
    Views:
    665
  5. Luigi Donatello Asero

    Special Authentication Variant

    Luigi Donatello Asero, Aug 16, 2005, in forum: HTML
    Replies:
    8
    Views:
    743
Loading...

Share This Page