Configuring Windows Authentication
Windows authentication is enabled by default in the Machine.Config file. This setting is automatically inherited by all ASP.NET applications running on the same server.
If you have modified the Machine.Config file (for example, you have set the default authentication method to Forms authentication), you can explicitly enable Windows authentication for an application by adding the Web.Config file in Listing 20.1 to the application root directory.
| Example 67 EnablingWindows\web.Config |
<configuration>
<system.web>
<authentication mode="Windows" />
</system.web>
</configuration>
You cannot add the file in the above example to any directory beneath an application's root directory. In other words, it must be located in either the wwwroot directory or the root of a virtual directory.
Configuring Windows Authentication
After Windows authentication is enabled, you can authorize particular users and groups to access particular directories and files by using a Web.Config file.
A Web.Config file that includes an authorization section can be added to any directory (not only the application root directory). Within the authorization section, you list the users and groups who have access to files in that directory.
The authorization section can contain two elements: deny and allow. These elements can be used to allow or deny a list of Windows users or groups access to the files in the current directory. For example, the Web.Config file in Example 68 explicitly allows access to anyone in the Sales group, except for Sam.
| Example 68 NoSam\web.Config |
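<configuration>
<system.web>
<authorization>
<!-- Rules are evaluated in order and the first match wins, so the deny for Sam must come before the allow for Sales -->
<deny users="YourDomain\Sam" />
<allow roles="YourDomain\Sales" />
<deny users="*" />
</authorization>
</system.web>
</configuration>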
The authorization section uses a "first match" algorithm to allow or deny users and groups access to a page. Since the Sales role is allowed before everyone is denied, anyone in the Sales role is authorized to access any page in the directory.
Notice that the domain must be specified when listing user accounts and groups. If the user account or group is a local machine account, the domain is the name of your server.
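The first-match evaluation described above, as a small Python model (an added example, not code from the original page or from ASP.NET itself); it shows why rule order matters when a denied user also belongs to an allowed role. Assumptions: Sam is a member of the Sales group, only one authorization section plus the inherited default allow rule is modelled, names are compared case-insensitively, and `parse_rules`, `is_authorized`, `config` and the Ann and Bob accounts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def parse_rules(web_config_xml):
    """Return the <allow>/<deny> rules of the authorization section, in document order."""
    section = ET.fromstring(web_config_xml).find("./system.web/authorization")
    rules = []
    for el in (section if section is not None else []):
        split = lambda attr: [v.strip().lower() for v in el.get(attr, "").split(",") if v.strip()]
        rules.append((el.tag, split("users"), split("roles")))
    return rules

def is_authorized(rules, user, roles=()):
    """First-match evaluation; user=None models an unauthenticated request."""
    name = user.lower() if user else None
    held = {r.lower() for r in roles}
    for action, users, rule_roles in rules:
        matched = (
            "*" in users                              # * = all users
            or ("?" in users and name is None)        # ? = unauthenticated users
            or (name is not None and name in users)   # named account
            or any(r in held for r in rule_roles)     # group membership
        )
        if matched:
            return action == "allow"                  # first matching rule decides
    return True  # nothing matched: the inherited default <allow users="*" /> applies

def config(*rule_lines):
    """Wrap rule elements in a minimal Web.Config document (helper for this example)."""
    body = "".join(rule_lines)
    return f"<configuration><system.web><authorization>{body}</authorization></system.web></configuration>"

ALLOW_SALES = '<allow roles="YourDomain\\Sales" />'
DENY_SAM = '<deny users="YourDomain\\Sam" />'
DENY_ALL = '<deny users="*" />'

# Constructed accounts: Sam and Ann are Sales members, Bob is not.
SALES = ["YourDomain\\Sales"]
allow_first = parse_rules(config(ALLOW_SALES, DENY_SAM, DENY_ALL))
deny_first = parse_rules(config(DENY_SAM, ALLOW_SALES, DENY_ALL))

if __name__ == "__main__":
    people = (("YourDomain\\Sam", SALES), ("YourDomain\\Ann", SALES), ("YourDomain\\Bob", []))
    for label, rules in (("allow first", allow_first), ("deny first", deny_first)):
        for user, roles in people:
            print(f"{label:11} {user:16} authorized={is_authorized(rules, user, roles)}")
```

With the allow rule first, Sam matches the Sales role before the deny for Sam is ever reached; with the deny rule first, Sam is refused while the rest of Sales still gets in.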
| Note |
| When using Basic authentication, there is no need to enter the domain along with the user name as long as it is the default domain for your application. You can associate a default domain with an application in IIS. Set this option within the Authentication Methods dialog box. |
Two special wildcard characters can be used in the authorization section of the Web.Config file. The * wildcard character represents all users, and the ? represents all unauthenticated users. For example, if you want to force all users to log in before accessing a file in a directory, you can use the Web.Config file in Example 69 below:
| Example 69 NoAnon/Web.config |
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Say that you need to create two directories named Managers and Sales. You want to enable only users in the Managers group to access the files in the Managers directory. However, you want to enable members of the Managers and Sales groups to access all the files in the Sales directory.
| Note |
| The files discussed in this section are to be placed in the SimpleAUthentication directory. |
The files are listed below:
| Example 70 SimpleAUthentication/Web.Config |
<configuration>
<system.web>
<authentication mode="Windows" />
</system.web>
</configuration>
| Example 71 SimpleAUthentication/Sales/Web.config |
<configuration>
<system.web>
<authorization>
<allow users="YourDomain\Sam, YourDomain\George" />
<deny users="*" />
</authorization>
</system.web>
</configuration>