Windows authentication for intranet site pages

0
votes

I'm building an intranet web site (asp.net 3.5) which has windows authentication. Two questions:

  1. When the code behind makes a trusted connection to the SQL server, will it connect with app pool credentials or current page user credentials?
  2. Right now, with a blank page, when the internal user (logged in to the domain) tries to hit the page they get challenged with windows login screen, and their credentials don't work.

Is there anything else I need to setup in web.config or IIS for the windows authentication to work, other than adding <authentication mode="Windows"/>?

2
asp.netwindows-authenticationintranet
@Audrey So did you get your answer or do you still need help with this? I have experience with this, but want to know if it's worth the effort to explain first. :P - Chiramisu

2 Answers

0
votes

You can configure the Windows identity of your ASP.NET application as the Windows identity supplied by IIS by enabling impersonation. That is, you instruct your ASP.NET application to impersonate the identity supplied by IIS for all tasks that the Windows operating system authenticates, including file and network access.

To enable impersonation for your Web application, in the application's Web.config file set the impersonate attribute of the identity element to true, as shown in the following code example.

<system.web>
  <authentication mode="Windows"/>
  <identity impersonate="true"/>
</system.web>

Source

0
votes

You don't want to use imporsonate as suggested by kd7. Because then you will need to give your users rights on the database. Might be okay for SELECT operations, but I don't think your DBAs will go along if you also need to UDATE/DELETE operations. already addressed by kd7.

When you enable "Windows" authentication, you need to not only configure your application to use it, you also need to configure IIS as well.

You also need to make sure that your AppPool user has proper permissions on the File System for your site.

Depending on IIS version, the procedure for enabling windows authentication is different. You can google it.