Master Yoda Master Yoda - 2 years ago 116
SQL Question

Using windows authentication in asp.net with c#

Im trying to understand how windows authentication works and how to implement it. Ive read quite a few articles and watched some quite length videos on youtube but i still cant my head around what needs to be added to my web.config file/ index.aspx page to make it work properly.

Here is the index.aspx page:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;

namespace asset_management_system
{
public partial class index1 : System.Web.UI.Page
{

DataAccessLayer dal = new DataAccessLayer();

protected void Page_Load(object sender, EventArgs e)
{

}

protected void loginBut_Click(object sender, EventArgs e)
{

string username = usernameTB.Text.Trim();
string password = passwordTB.Text.Trim();

try
{
using (SqlDataReader dr = dal.CheckLoginDetails(username))
{
//if username does not exist
if (!dr.Read())
{
MessageBox.Show("Invalid login details");
}

else
{
//if password matches the username then redirect to home page
if (dr[0].ToString() == password)
{
Session["username"] = username;
Response.Redirect("Home/home.aspx");
}
else
{
MessageBox.Show("Invalid login details");
}
}
}
}
catch (SqlException sqlex) { MessageBox.Show("There may be an issue with the server, please contact the administrator" +
" and provide this error message: " + sqlex); }
catch (Exception ex) { MessageBox.Show("error message: " + ex); }


}//end of loginBut_click method


}//end of class
}//end of namespace


And here is the web.config file

<?xml version="1.0"?>

<configuration>

<connectionStrings>
<add name="Asset management System DBConnectionString" connectionString="Data Source=STEPHENP\SQLEXPRESS;Initial Catalog=&quot;Asset management System DB&quot;;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>

<system.web>

<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>

<authentication mode="Windows">
</authentication>
<identity impersonate="true"/>

</system.web>

</configuration>

Answer Source

You are confusing SQL authentication with Windows authentication.

In order for this web page to work based on Windows authentication, your web.config needs

<authentication mode="Windows">

When you deploy your page to a web server, you need to disable anonymous authentication to restrict external users. Below is a snippet from an IIS7+ web server's authentication section:

enter image description here

enter image description here

If you need to program against logged in user or its group, you need to use the WindowsIdentity Class.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download