How to customize Windows-based authentication? - asp.net

I have a site on IIS configured to use Windows Authentication type.
What I need to do is to have ability to skip displaying Windows credentials prompt for users which are connecting outside the domain. In the case of outside access I need to redirect user to custom login page on the same site (based on Windows Authentication).
Can you please tell me if there any ability to do that?
UPDATE : site on IIS configured to use Windows Authentication type - and it shouldn't be changed

Change authentication mode your web.config
Something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

Related

How to disable form authentication on IIS7?

I had form authentication on my website.
It was on a web farm server and I had a directory on my website to write some log files.
I used password protection on the pleask to protect my directory and it worked fine.
When user want to see contents of that directory, they must have entered a username and password.
Last week I moved my site to a dedicated server and now I want to enable that feature again.
in iis7>mysite>mydirectory>authentication
but I cannot disable form authentication why?
I removed
<authentication mode="Forms">
<forms domain=".mysite.com" loginUrl="Login" timeout="50"
requireSSL="false" path="/" />
In web.config I can disable authentication feature in iis and enable basic authentication and everything work good.
But now how can I handle it without removing my codes?
How did it worked when I was on plesk hosting panel?
I want users to enter a username and password to view a file on my folder.
I found an article that shows how you Enable Forms Authentication (IIS 7)
Maybe this helps you...

Why does HttpContext.Current.User for Forms Authentication have Windows Username

I have a web application that uses custom (forms) authentication and authorization. After the user logs in i setup the GenericPrincipal using the username supplied. Authorization worked fine on Visual Studio 2012 IDE using IIS Express. However, I was getting authorization failures for users that seemed inexplicable on the web server I published to. I did a
Response.Write(HttpContext.Current.User.Name)
and published to the web server and I saw that my windows ID was returned instead of the custom user name I logged on with onto the site.
My configuration settings are not the problem, here is a sample of them
<system.web>
<authentication mode="Forms" >
<forms loginUrl="Login.aspx" timeout="30" defaultUrl="Default.aspx" cookieless="AutoDetect" ></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
Can anyone help me resolve this
I found that this problem was caused by IIS configuration on the web server.
In my site's Authentication Settings in IIS, I had to disable all authentication modes(in my case Windows Authentication) except for Anonymous and Forms authentication.
I need Anonymous authentication to enable users to land on the Login page (otherwise IIS throws 401 Authorization Error)

Forms authentication on different hostings

Hi have form authenticaion for my site, and it works fine on localhost and godaddy, but after moving to another hosting it stop working.
After login in admin area after 2-3 minutes I redirecting back to login screen.
Does anybody know if I change some settings on IIS or what is the source of the problem?
My code looks like
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="10000" slidingExpiration="true"/>
</authentication>
FormsAuthentication.SetAuthCookie(userName, rememberMe);
If your application domain is being shut down and you have no machineKey section in Web.config (or validationKey/decryptionKey="AutoGenerate") you will get new validationKey/decriptionKey after every application start and authentication cookies will become invalid. Visit http://aspnetresources.com/tools/keycreator.aspx and add generated machineKey section into your Web.config.

ASP.NET Membership - Can I allow anonymous access and still use automated login using Active Directory?

I hope this is not to paradoxal, but I don't know how this should be done...
I have a VS2008 ASP.NET MVC Project with the following Web.Config entry:
<authentication mode="Windows">
<forms name=".ADAuthCookie" timeout="10" />
</authentication>
This makes the visitor logon automatically with their DOMAIN\username login which they used to logon to Windows. (Right?)
This works with my development server (http://localhost:xxxx), but not with my IIS server (http://localhost). Probably because the development server is 'started' by my local user (which has ActiveDirectory read-rights on the domain) and because IIS is 'started' by the IUSR_WORKSTATION user which does not. (Right?)
If all of the above is true, how can I impersonate the IIS user (for instance to my own username) to solely authenticate the current user with the Windows login name? (like the example below)?
Or should the IUSR_WORKSTATION user be granted ActiveDirectory? read-rights (not preferred as I will be switching servers / IUSR_ users a lot)
<identity impersonate="true" userName="DOMAIN\myuser" password="mypass"/>
<authentication mode="Windows">
<forms name=".ADAuthCookie" timeout="10" />
</authentication>
<identity impersonate="false"/>
Windows authentication is poorly named (IMO). It's not using Windows as the authentication, but rather it delegates the authentication process to IIS. So you need to configure IIS's authentication, which then flows down to ASP.NET
How you do this depends on your version of IIS, in IIS7 expand out the tree and click your web site, then click Authentication and enable Windows Authentication

Is there a way to have the second <authentication mode="Forms"> somewhere in my sln?

I have <authentication mode="Windows"> in my web.config.
I do not want to create another solution with <authentication mode="Forms">, but I do need to allow external access to my intranet web app.
There is a way to allow Windows-Authentication-using-Form-Authentication described here
http://dotnetslackers.com/articles/aspnet/Windows-Authentication-using-Form-Authentication.aspx.
Unfortunately, for the above to work, I still need
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH">
</forms> </authentication>
Is there a way to have the second <authentication mode="Forms"> somewhere in my sln solution?
You should take a look at Microsoft ISA Server 2006. You can use it to enable Windows Authentication sessions through an html forms login page that stores a cookie on the client. To the ASP.NET web application, the user looks a Windows Authentication client. ISA Server maintains the mappings of forms authentication to Windows Authentication for you. I've worked on systems that use this with both SharePoint and ASP.NET Windows Authentication and it works great.

Resources