Im trying to understand how windows authentication works and how to implement it. Ive read quite a few articles and watched some quite length videos on youtube but i still cant my head around what needs to be added to my web.config file/ index.aspx page to make it work properly.
Here is the index.aspx page:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
namespace asset_management_system
{
public partial class index1 : System.Web.UI.Page
{
DataAccessLayer dal = new DataAccessLayer();
protected void Page_Load(object sender, EventArgs e)
{
}
protected void loginBut_Click(object sender, EventArgs e)
{
string username = usernameTB.Text.Trim();
string password = passwordTB.Text.Trim();
try
{
using (SqlDataReader dr = dal.CheckLoginDetails(username))
{
//if username does not exist
if (!dr.Read())
{
MessageBox.Show("Invalid login details");
}
else
{
//if password matches the username then redirect to home page
if (dr[0].ToString() == password)
{
Session["username"] = username;
Response.Redirect("Home/home.aspx");
}
else
{
MessageBox.Show("Invalid login details");
}
}
}
}
catch (SqlException sqlex) { MessageBox.Show("There may be an issue with the server, please contact the administrator" +
" and provide this error message: " + sqlex); }
catch (Exception ex) { MessageBox.Show("error message: " + ex); }
}//end of loginBut_click method
}//end of class
}//end of namespace
And here is the web.config file
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="Asset management System DBConnectionString" connectionString="Data Source=STEPHENP\SQLEXPRESS;Initial Catalog="Asset management System DB";Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<authentication mode="Windows">
</authentication>
<identity impersonate="true"/>
</system.web>
</configuration>
Best Answer
You are confusing SQL authentication with Windows authentication.
In order for this web page to work based on Windows authentication, your web.config needs
When you deploy your page to a web server, you need to disable anonymous authentication to restrict external users. Below is a snippet from an IIS7+ web server's authentication section:
If you need to program against logged in user or its group, you need to use the WindowsIdentity Class.