How will “windows based” authentication work in MVC web application, if users access the application from outside the company intranet

1
votes

I have the following architecture:-

  • Active directory server
  • IIS which will host asp.net MVC
  • Both the Active directory and the MVC web application are inside our company intranet.
  • I set the Asp.net MVC authentication type to be windows based.

But I have these questions:-

  • If our company employees tries to access the asp.net MVC web application from their home using their personal PC; will windows authentication work?
  • If the above answer is Yes; then how they will be typing their usernames, Something similar to username@ domain.com ?
  • According to my above requirements, should I consider having form based authentication that is connected to AD? Instead of using windows based authentication?

Thanks for any help and advice Best Regards

1
asp.net-mvcsecurityauthentication

1 Answers

5
votes

Assuming your website in IIS is visible to the outside through the firewall, then yes it will be accessible from home

depending on the browser, you should get a pop up asking for username and password, and the username should be typed

MYDOMAIN\JOEBLOGGS

This setup may well work fine but it depends on your needs - is your network admin happy to open this server up to the outside world

There can be a quirk if using Internet explorer externally, where IE does not display a pop up box, and instead tries to authenticate with the local windows username, which may not match AD username if it is a personal PC (to get around this on the client, go to Internet Options > Security > Custom Level then scroll down to User Authentication and select 'Prompt for username and password'