Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Intranet Security

Reply
Thread Tools

Intranet Security

 
 
Richard
Guest
Posts: n/a
 
      12-09-2004
I'm building an Intranet Web app to track our company's purchase orders. I
would like to have the employees use the app without being prompted for a
user name and pw, hoping to catch their identities from their Windows account.

Since it's an Intranet app, I'm using Windows authentication, and denying
anonymous access.
Here are the web.config settings for authentication and authorization:
<authentication mode="Windows" />
<identity impersonate="true"/>
<authorization>
<deny users="?" /> <!-- Allow all users -->
</authorization>

In my Page_load event, I am able to get the user's identity once he logs in
to the app, and then I pass that identity to a SQL Server db to retrieve
other info about the employee.

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load

If Not Page.IsPostBack Then
Dim wp As WindowsPrincipal
If Page.User.Identity.IsAuthenticated AndAlso TypeOf
User.Identity Is WindowsIdentity Then

Try
wp = DirectCast(Page.User, WindowsPrincipal)
Session("FullDomainName") = wp.Identity.Name

'Check for valid employee in SQL Server db.
If IsValidEmployee(Session("FullDomainName"),
Session("ConnectStringSQL")) Then
'Welcome the user.
lblUser.Text = "Welcome " & Session("FirstName") & " "
& Session("LastName") & "!"

Catch ex As Exception
lblError.Text = ex.Message
imbCreatePO.Visible = False
imbTrackPO.Visible = False
imbApprovePO.Visible = False
End Try

End If
End If
End If
End Sub

What am I missing that is causing the app to display the prompt for a user
name and password? Shouldn't it recognize that the employee is already logged
in to Windows?


 
Reply With Quote
 
 
 
 
Patrick Olurotimi Ige
Guest
Posts: n/a
 
      12-29-2004
Richard when are u gettting the PROMPT??
Are u redirecting them to another page in another domain or something..
Pls elaborate..or have u solved it..
Patrick



*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
 
Reply With Quote
 
 
 
 
Richard
Guest
Posts: n/a
 
      01-03-2005
Hi Patrick, I'm getting the prompt immediately before the page displays. I'm
not redirecting.

"Patrick Olurotimi Ige" wrote:

> Richard when are u gettting the PROMPT??
> Are u redirecting them to another page in another domain or something..
> Pls elaborate..or have u solved it..
> Patrick
>
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Access denied due to security settings for intranet K Viltersten ASP .Net 2 10-06-2008 09:14 AM
Intranet security should based on Active Directory or Database Patirck Ige ASP .Net 4 10-31-2005 06:28 AM
best practice with intranet security and menu structure Patrick.O.Ige ASP .Net 0 09-30-2005 12:31 PM
Intranet Security Studs Murphy Computer Security 1 05-17-2004 01:21 AM
caspol & local intranet security adam ASP .Net Security 4 01-19-2004 09:45 AM



Advertisments