You are currently viewing the BOOK Beginning Expression Web ISBN: 978-0-470-07315-5 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
Yes, turn your project into an application within IIS by right-clicking the folder within IIS, selecting properties, and then click the Create button which is under the General tab.
Then go to the Directory Security tab, click the Edit button which is in the the Anonymous access authentication control section, uncheck Anonymous Access and make sure Integrated Windows authentication is checked. Close all the windows and your done. Your application will now rely on active directory for logging in.
In that case, it's a bit more complex. There are two ways to do it: by hand (coding it) or by way of providers. Both are slightly involved. Personally, I would lean toward the providers model but it does require some setup and is vaguely detailed online. If you do go the code route, here's a good article that may help you out: http://www.15seconds.com/Issue/020730.htm
IMHO, if you are creating an application that runs on an intranet and you are using the users domain login as the Username for the application, security should be completely transparent to them.
Having some sort of login page is pointless in this scenario because you make the reasonable assumption that a user logged onto a pc within a given domain has already verified their credentials against a PDC and has been authenticated onto the domain.
So, when x user comes to the app you can grab their login with User.Identity which will return [domain]\[userID] then you can query AD as neccessary to do anything that may be security related. For example Domain admins may see a certain function a Domain user would not. Forcing the user to push a button that really isn't going to "do" anything seems pointless to me.
I am also new to EW,
the class i was taken , ended on chapter 12
and im finishing on my own,
ive done everthing, and can not view my admin.aspx
page, error msg is URL failed to authenticate.
My createuser.aspx works, but the login always
refreshes, the event viewer shows the same error
each time Since you complete chap 14 any help would,
be greatly appreciated