Can I force a Windows Authentication / Login?

Re: Can I force a Windows Authentication / Login?

You mean you want to let the user authenticate using Windows Auth.
You can set that in IIS by checking integrated Windows and uncheck Anonymous
login
Patrick

"Keith H" <khinkle@newsgr oup.nospam> wrote in message
news:60E11FC6-D49E-45B7-8EFE-03C25034829F@mi crosoft.com...[color=blue]
> I'm looking for a way to force the user to re-authenticate with their[/color]
Windows[color=blue]
> username/password/domain after clicking the submit button on an ASP.NET[/color]
page.[color=blue]
> This is for an internal application.
>
> Does anyone know if/how this can be done?[/color]

Re: Can I force a Windows Authentication / Login?

Hi Keith,

One technique is to redirect them to a page that denies access to anonymous
users. This throws up the login dialogue box.

In your Web.config, add a <location> before <system.web>

<configuratio n>
<location path="auth.aspx ">
<system.web>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
<system.web>
....

Then create a page called auth.aspx.

In your button click code redirect like this:

Private Sub Button1_Click _
(ByVal sender As System.Object, _
ByVal e As System.EventArg s) Handles Button1.Click
Response.Redire ct("auth.aspx" )
End Sub

Let us know if this helps?

Ken
Microsoft MVP [ASP.NET]




"Keith H" <khinkle@newsgr oup.nospam> wrote in message
news:60E11FC6-D49E-45B7-8EFE-03C25034829F@mi crosoft.com...[color=blue]
> I'm looking for a way to force the user to re-authenticate with their
> Windows
> username/password/domain after clicking the submit button on an ASP.NET
> page.
> This is for an internal application.
>
> Does anyone know if/how this can be done?[/color]

Re: Can I force a Windows Authentication / Login?

Hi Keith,

For forcing the clientuser pass the windows authentication logon, as
Patrick has mentioned, we can use the IIS server's windows integrated
windows authentication( disable anonymous access) which will force the
client provide a valid windows identity. Also, if you're manually collect
the username/password through web page UI and programmaticall y authenticat
the user, you'll need to manually call some windows security API like
logonUser .... , but I don't think this is a good means from security and
performance perspective.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security



--------------------
| From: "Patirck Ige" <naijacoder@hot mail.com>
| References: <60E11FC6-D49E-45B7-8EFE-03C25034829F@mi crosoft.com>
| Subject: Re: Can I force a Windows Authentication / Login?
| Date: Fri, 7 Oct 2005 09:35:40 +1000
| Lines: 16
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
| Message-ID: <ePmar6syFHA.26 44@TK2MSFTNGP09 .phx.gbl>
| Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| NNTP-Posting-Host: 203.36.211.134
| Path: TK2MSFTNGXA01.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP09.phx. gbl
| Xref: TK2MSFTNGXA01.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:1296 34
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| You mean you want to let the user authenticate using Windows Auth.
| You can set that in IIS by checking integrated Windows and uncheck
Anonymous
| login
| Patrick
|
| "Keith H" <khinkle@newsgr oup.nospam> wrote in message
| news:60E11FC6-D49E-45B7-8EFE-03C25034829F@mi crosoft.com...
| > I'm looking for a way to force the user to re-authenticate with their
| Windows
| > username/password/domain after clicking the submit button on an ASP.NET
| page.
| > This is for an internal application.
| >
| > Does anyone know if/how this can be done?
|
|
|

Re: Can I force a Windows Authentication / Login?

All you need to do is send back a 302 response from your page (Response.Statu sCode).
As long as you're using Windows authentication and IIS then this will trigger
IIS to challenge the browser such that the user must reauthenticate.

-Brock
DevelopMentor

[color=blue]
> I'm looking for a way to force the user to re-authenticate with their
> Windows username/password/domain after clicking the submit button on
> an ASP.NET page. This is for an internal application.
>
> Does anyone know if/how this can be done?
>[/color]

Re: Can I force a Windows Authentication / Login?

Thanks Brock -- I tried this, and it did prompt me to authenticate again
(with response.status code = 401, not 302), but the behavior is a little
wacky. Sometimes I authenticate once and it accepts it but then doesn't
continue to do the rest of the code in the button_click event; other times it
repeats the authentication prompt three times and then DOES continue to do
the rest of the code.

What I really want is to write a function that forces the user to
authenticate again, returns true if the user authenticates successfully,
returns false otherwise; then I can do other code or send the user to an
error page based on the return value of the function.

It's just the part about forcing the authentication prompt and verifying
whether it was successful that I don't know how to do.

"Brock Allen" wrote:
[color=blue]
> All you need to do is send back a 302 response from your page (Response.Statu sCode).
> As long as you're using Windows authentication and IIS then this will trigger
> IIS to challenge the browser such that the user must reauthenticate.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>[color=green]
> > I'm looking for a way to force the user to re-authenticate with their
> > Windows username/password/domain after clicking the submit button on
> > an ASP.NET page. This is for an internal application.
> >
> > Does anyone know if/how this can be done?
> >[/color]
>
>
>[/color]

Re: Can I force a Windows Authentication / Login?

Thanks Ken,

But I don't want to do forms authentication. What I want to do is, ideally,
write a function that will prompt the user to re-authenticate against their
Windows domain account, return true if successful and false if not.

Then I would put the function in the button click event; if returns true I
continue to do more code, if returns false I give the user an error message
in a label on the page.

I already understand about turning off anonymous access in IIS admin, etc.
But that doesn't actually force the user to re-authenticate, it just provides
the Windows identity info in the context, like the LOGON_USER, etc. And I
don't want them to enter their username and password until they click the
button on the page.

I've tried poking through some of the security classes in the .NET
documentation, but I haven't seen any sample code that points me in the right
direction...


"Ken Cox [Microsoft MVP]" wrote:
[color=blue]
> Hi Keith,
>
> One technique is to redirect them to a page that denies access to anonymous
> users. This throws up the login dialogue box.
>
> In your Web.config, add a <location> before <system.web>
>
> <configuratio n>
> <location path="auth.aspx ">
> <system.web>
> <authorizatio n>
> <deny users="?"/>
> </authorization>
> </system.web>
> </location>
> <system.web>
> ....
>
> Then create a page called auth.aspx.
>
> In your button click code redirect like this:
>
> Private Sub Button1_Click _
> (ByVal sender As System.Object, _
> ByVal e As System.EventArg s) Handles Button1.Click
> Response.Redire ct("auth.aspx" )
> End Sub
>
> Let us know if this helps?
>
> Ken
> Microsoft MVP [ASP.NET]
>
>
>
>
> "Keith H" <khinkle@newsgr oup.nospam> wrote in message
> news:60E11FC6-D49E-45B7-8EFE-03C25034829F@mi crosoft.com...[color=green]
> > I'm looking for a way to force the user to re-authenticate with their
> > Windows
> > username/password/domain after clicking the submit button on an ASP.NET
> > page.
> > This is for an internal application.
> >
> > Does anyone know if/how this can be done?[/color]
>
>
>[/color]

Re: Can I force a Windows Authentication / Login?

What you can do is to trap statuscode = 401 if access is denied or not
(But remember you wuld have to trap "statuscode = 401" in your
global.asax )
And maybe redirect the user to some where and from there....do what ever you
want with them
Hope that helps
Patrick

"Keith H" <khinkle@newsgr oup.nospam> wrote in message
news:E7922A07-E9BD-4867-8712-6F8E1671DE0C@mi crosoft.com...[color=blue]
> Thanks Brock -- I tried this, and it did prompt me to authenticate again
> (with response.status code = 401, not 302), but the behavior is a little
> wacky. Sometimes I authenticate once and it accepts it but then doesn't
> continue to do the rest of the code in the button_click event; other times[/color]
it[color=blue]
> repeats the authentication prompt three times and then DOES continue to do
> the rest of the code.
>
> What I really want is to write a function that forces the user to
> authenticate again, returns true if the user authenticates successfully,
> returns false otherwise; then I can do other code or send the user to an
> error page based on the return value of the function.
>
> It's just the part about forcing the authentication prompt and verifying
> whether it was successful that I don't know how to do.
>
> "Brock Allen" wrote:
>[color=green]
> > All you need to do is send back a 302 response from your page[/color][/color]
(Response.Statu sCode).[color=blue][color=green]
> > As long as you're using Windows authentication and IIS then this will[/color][/color]
trigger[color=blue][color=green]
> > IIS to challenge the browser such that the user must reauthenticate.
> >
> > -Brock
> > DevelopMentor
> > http://staff.develop.com/ballen
> >[color=darkred]
> > > I'm looking for a way to force the user to re-authenticate with their
> > > Windows username/password/domain after clicking the submit button on
> > > an ASP.NET page. This is for an internal application.
> > >
> > > Does anyone know if/how this can be done?
> > >[/color]
> >
> >
> >[/color][/color]

Re: Can I force a Windows Authentication / Login?

Hi Keith,

From your further description, I think your current problem is how to
manually collect the username/password from the enduser and do a windows
logon auhtenticate, yes? The Integrated windows authentication in IIS is
done automatically before each webrequest and we can not manually redo the
authentication. Currently the only available approach may be manually call
the WINDOWS LogonUser API to validate the user acccount, we need to provide
the cleartext username/password when calling this API, do you think this is
possible? If so the following kb article has mentioned use LogonUser API
through .net PInvoke in asp.net application.

#How to implement impersonation in an ASP.NET application


Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security

--------------------
| Thread-Topic: Can I force a Windows Authentication / Login?
| thread-index: AcXLZJySqJqzylO GQpucW7kNlnrfJQ ==
| X-WBNR-Posting-Host: 204.250.153.2
| From: "=?Utf-8?B?S2VpdGggSA= =?=" <khinkle@newsgr oup.nospam>
| References: <60E11FC6-D49E-45B7-8EFE-03C25034829F@mi crosoft.com>
<OgY91TvyFHA.23 72@TK2MSFTNGP10 .phx.gbl>
| Subject: Re: Can I force a Windows Authentication / Login?
| Date: Fri, 7 Oct 2005 10:29:03 -0700
| Lines: 71
| Message-ID: <D714280D-B839-4155-A9A4-81AD52FE3DCC@mi crosoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| NNTP-Posting-Host: TK2MSFTNGXA03.p hx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.p hx.gbl!TK2MSFTN GXA03.phx.gbl
| Xref: TK2MSFTNGXA01.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:1298 60
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| Thanks Ken,
|
| But I don't want to do forms authentication. What I want to do is,
ideally,
| write a function that will prompt the user to re-authenticate against
their
| Windows domain account, return true if successful and false if not.
|
| Then I would put the function in the button click event; if returns true
I
| continue to do more code, if returns false I give the user an error
message
| in a label on the page.
|
| I already understand about turning off anonymous access in IIS admin,
etc.
| But that doesn't actually force the user to re-authenticate, it just
provides
| the Windows identity info in the context, like the LOGON_USER, etc. And I
| don't want them to enter their username and password until they click the
| button on the page.
|
| I've tried poking through some of the security classes in the .NET
| documentation, but I haven't seen any sample code that points me in the
right
| direction...
|
|
| "Ken Cox [Microsoft MVP]" wrote:
|
| > Hi Keith,
| >
| > One technique is to redirect them to a page that denies access to
anonymous
| > users. This throws up the login dialogue box.
| >
| > In your Web.config, add a <location> before <system.web>
| >
| > <configuratio n>
| > <location path="auth.aspx ">
| > <system.web>
| > <authorizatio n>
| > <deny users="?"/>
| > </authorization>
| > </system.web>
| > </location>
| > <system.web>
| > ....
| >
| > Then create a page called auth.aspx.
| >
| > In your button click code redirect like this:
| >
| > Private Sub Button1_Click _
| > (ByVal sender As System.Object, _
| > ByVal e As System.EventArg s) Handles Button1.Click
| > Response.Redire ct("auth.aspx" )
| > End Sub
| >
| > Let us know if this helps?
| >
| > Ken
| > Microsoft MVP [ASP.NET]
| >
| >
| >
| >
| > "Keith H" <khinkle@newsgr oup.nospam> wrote in message
| > news:60E11FC6-D49E-45B7-8EFE-03C25034829F@mi crosoft.com...
| > > I'm looking for a way to force the user to re-authenticate with their
| > > Windows
| > > username/password/domain after clicking the submit button on an
ASP.NET
| > > page.
| > > This is for an internal application.
| > >
| > > Does anyone know if/how this can be done?
| >
| >
| >
|