Friday, October 2, 2015

ABCs of Windows Authentication in IIS

Well, first of all, you need to explicitly turn it on. You'll find the switch under the Authentication settings for a web site, like so:

And then this needs to go in Web.config:

<system.web>
   <authentication mode="Windows" />
   <authorization>
      <deny users="?" />
   </authorization>
</system.web>

Specifically, this stuff needs to go inside system.web and not system.webServer. I recall once being told that system.web was for IIS6 while system.webServer was for IIS7, but that doesn't seem to be universally true. The authorization piece here doesn't need to be added for IIS6 to deny unknown users and force them to log in, but you need it in later versions of IIS. The "force them to log in" thing looks like this:

Don't let Google confuse you here. In this example I am leaving Google in an attempt to log onto an intranet app that needs the logging onto. The "Authentication Required" box appeared for me in Safari, where I struggled to log in, and in Firefox, where I logged in just fine, but not in IE or Chrome, which seemed to just log me in, allowing me to sidestep the need to enter credentials. The login takes my Active Directory username and password. You're only gonna use this stuff for in-house intranet stuff. I really haven't researched how to interface with it from C# yet, but if you want to just show the name of who is logged in on the screen in a web forms app, you may do so with a tag like this:

<asp:LoginName ID="Whatever" runat="server" />
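Reading the same identity from C#, as an added example that is not code from the original post: a generic handler that fails closed when the request is anonymous or not Windows-authenticated, then checks group membership before showing the name. The handler name `WhoAmI` and the group `CONTOSO\IntranetUsers` are placeholders assumed for illustration.

```csharp
// Added example; not code from the original post.
// Code for a hypothetical WhoAmI.ashx, whose first line would be:
//   <%@ WebHandler Language="C#" Class="WhoAmI" %>
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler
{
    // Placeholder Active Directory group allowed to use the intranet app.
    private const string RequiredGroup = @"CONTOSO\IntranetUsers";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        IPrincipal user = context.User;

        // Fail closed: without <deny users="?" /> an anonymous request can
        // reach this code carrying an unauthenticated identity.
        if (user == null || !user.Identity.IsAuthenticated)
        {
            Deny(context, 401, "Not authenticated");
            return;
        }

        // Accept only identities produced by Windows authentication.
        WindowsIdentity identity = user.Identity as WindowsIdentity;
        if (identity == null)
        {
            Deny(context, 403, "Not a Windows identity");
            return;
        }

        // Being logged in is not the same as being allowed in.
        if (!user.IsInRole(RequiredGroup))
        {
            Deny(context, 403, "Not in required group");
            return;
        }

        context.Response.ContentType = "text/plain";
        // Name is DOMAIN\user; AuthenticationType is e.g. Negotiate or NTLM.
        context.Response.Write(identity.Name + " via " + identity.AuthenticationType);
    }

    private static void Deny(HttpContext context, int status, string reason)
    {
        context.Response.StatusCode = status;
        context.Response.ContentType = "text/plain";
        context.Response.Write(reason);
    }
}
```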
