Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
page 3 of 10
by Scott Guthrie
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 36685/ 59

Discussion

Authentication is the process of identifying and validating the identity of a client accessing an application.  Put more simply -- it is the process of identifying “who” the end-user is when they visit a website. 

Authentication is typically used in combination with Authorization -- which is the process of figuring out whether the authenticated user has permissions to access a particular page/resource or to perform some action.  For example, when an end-user in a browser tries to access a page, ASP.NET might authenticate the user as “Scott”, and would then run through the configured authorization rules for the requested page to figure out whether “Scott” has permission to access it.

ASP.NET supports multiple ways to authenticate browser users visiting a web application, and implements a flexible set of ways to authorize which permissions they have within the application.

For Internet web applications, the most common authentication scenario to use it called Forms Authentication.  Forms Authentication enables a developer to provide a standard HTML login form within their application, and then validate the username/password an end-user submits against a database or other credential store.  Assuming the username/password combination is correct, the developer can then ask ASP.NET to issue an encrypted HTTP cookie to identify and track the user.

For Intranet web applications, the most common authentication scenario to use is called Windows Authentication.  Windows Authentication avoids the need to create a login form within an application, and does not require end-users to manually enter their username/password credentials to login to the application.  Instead, ASP.NET and IIS can automatically retrieve and validate the Windows username of the end-user visiting the site in a secure way.  The benefit of this approach is that it improves the end-user customer experience since users don’t have to re-type their passwords, and/or maintain separate accounts.  It also allows companies to re-use a common security identity system across their entire corporate networks (Windows clients, servers, file-shares, printers, and web apps).


View Entire Article

User Comments

Title: Help please   
Name: Kaustubh
Date: 2008-09-02 3:05:57 AM
Comment:
Hello,

I did same thing as u mentioned. But when I tried to open it through browser. it asks for windows user and password.

What could be reason ?
Title: HELP !   
Name: Bruce
Date: 2007-12-03 4:56:27 PM
Comment:
I've done this. When the browser is run from a W2K machine, I get "Cannot find server or DNS Error". When run from an XP machine, it appears to work just fine. Any ideas? Thanks.
Title: how to implement windows integrated authentication in java step by step   
Name: Shilpa
Date: 2007-08-16 3:12:57 AM
Comment:
Can I retrieve windows authentication in java
Title: Hi   
Name: Hello
Date: 2007-05-17 4:20:29 PM
Comment:
Super

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-03-28 4:54:43 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search