Hi,

Newbie in EW, ASP and ASP.NET here. Is it possible to have a login form which authenticate the user against Active Directory? We have several domains.

Thanks.

Yes, turn your project into an application within IIS by right-clicking the folder within IIS, selecting properties, and then click the Create button which is under the General tab.

Then go to the Directory Security tab, click the Edit button which is in the the Anonymous access authentication control section, uncheck Anonymous Access and make sure Integrated Windows authentication is checked. Close all the windows and your done. Your application will now rely on active directory for logging in.

Hi Zak,

Thanks for the reply. What if I still want the user to login, e.g. via login.aspx like in chapter 14? Can I also check the user belongs to which AD group?

I tried to reduce the number of ID list we'd have to maintain, so would prefer if can use AD.

Thanks.

In that case, it's a bit more complex. There are two ways to do it: by hand (coding it) or by way of providers. Both are slightly involved. Personally, I would lean toward the providers model but it does require some setup and is vaguely detailed online. If you do go the code route, here's a good article that may help you out: http://www.15seconds.com/Issue/020730.htm

Zak

IMHO, if you are creating an application that runs on an intranet and you are using the users domain login as the Username for the application, security should be completely transparent to them.

Having some sort of login page is pointless in this scenario because you make the reasonable assumption that a user logged onto a pc within a given domain has already verified their credentials against a PDC and has been authenticated onto the domain.

So, when x user comes to the app you can grab their login with User.Identity which will return [domain]\[userID] then you can query AD as neccessary to do anything that may be security related. For example Domain admins may see a certain function a Domain user would not. Forcing the user to push a button that really isn't going to "do" anything seems pointless to me.

In any event, that is my 2 cents!

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
Technical Editor for:
Professional Search Engine Optimization with ASP.NET

Professional IIS 7 and ASP.NET Integrated Programming

================================================== =========

That's actually a good point. I don't think you mentioned whether or not the application you're building is for internal use only? If so, a login page is useless.

Hi Zak & dparsons,

For the moment, he application will be made available for both intranet only. But we have plan to allow user to access is from internet over SSL. That's why I'm looking for the login form against AD.

Zak, I'll dig the link first to see how hard/easy is it. Do you have any advice on how to get more detail for the providers way? Thanks.

You may want to give ASP.NET 2.0 Unleashed by Stephen Walther a shot. That's a good desktop reference that I always recommend.

Or Wrox's Professional ASP.NET 2.0 Special Edition by Bill Evjen. Also very good. :)
http://www.wrox.com/WileyCDA/WroxTit...470041781.html
Here's the TOC:
http://media.wiley.com/product_data/...70041781-2.pdf
you'll see chapters 14 and 15 on providers.

Jim Minatel
Acquisitions Director
Wiley Technology Publishing
WROX Press
Blog: http://wroxblog.typepad.com/

Hi toblo
I am also new to EW,
the class i was taken , ended on chapter 12
and im finishing on my own,
ive done everthing, and can not view my admin.aspx
page, error msg is URL failed to authenticate.
My createuser.aspx works, but the login always
refreshes, the event viewer shows the same error
each time Since you complete chap 14 any help would,
be greatly appreciated
brpage