Login with Windows Authentication on IIS

Asked

Viewed 2,566 times

4

I have a base Sqlserver 2008 where all users can connect to it via Windows domain, this works properly via SQL Management Studio.

I am making a C# Application in MVC, and I wanted that when the user accesses the site, I could take this login and password of windows and pass to mount my Connection String.

My String Connection is like this:

conexao = new SqlConnection("Data Source=vc9;Initial Catalog=sgt;Integrated Security=SSPI;Application Name='Controle de Sprint';Pooling=False;User ID=dominio\\usuario;Password=senha;");

So it works, but I can’t get via C# to catch the Windows user of the user who is accessing the site.

It’s got to be done?

  • Each user opens a new connection in their database? You can get the user who is logged in, however, the password is not possible.

  • Yeah, I wanted every user to log in, because at the bank I wanted to know who’s connected. I wanted him to open the site and not ask for the user and password, connect directly.

  • 1

    Do not edit your question for more information. Probably this error is in the form that set up your pool. Open another question stating how it is configured, explaining the error further.

2 answers

7


You cannot get the password from the logged-in user, this goes against Microsoft’s security policy. You can set up an AD account on Application Pool of IIS to make the connection, and can make your system get the user logged in (Windows) in your application, without problems. However, the password you cannot.

For your system to get Windows authentication, just change your web.config for that reason:

<configuration>
  ...
<system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  ...
</configuration>

For more information, see this answer.

And to get the user logged in, just use something like this:

var usuario = User.Identity.Name;

or depending on where you want this data, this way:

  var usuario = HttpContext.Current.User.Identity.Name

And if you don’t forget to modify the IIS to accept the connection via windows.

On this website you find a tutorial on how to do this.

  • +1. Good alternatives are never enough.

  • So it would be a connection logged only with a user right? It’s just that I have some Rigger in the bank that takes @spid to log and didn’t want to change it.

  • 1

    @lionbtt That way yes. You can get the SPID in the application, but in the BD you will not be able.

3

you must first configure your IIS to perform authentication using Windows Authetication.

To do it in the development environment, open the visual studio, right-click the Mouse on the Project, choose Use IIS Express, should he appear Use Visual Studio Developement Server is pq is already using IIS Express, then need not perform any further action.

Again use the right mouse button, go to Properties/Propriedades and set Anonymous Authentication for false and Windows Authentication for true.

Once the application is published, you need to do the same on the IIS where the application is hosted. to do so select your aplicação, then on the tab IIS choosing Authentication. Set again Anonymous Authentication for false and Windows Authentication for true.

Once done, modify your connection to use Trusted_Connection or Integrated Security. it is not necessary to inform id and password, it will log on using the network user (windows).

<connectionStrings>
  <add name="MyDbConn1" connectionString="Server=MyServer;Database=MyDb;Trusted_Connection=Yes;"/>
  <add name="MyDbConn2" connectionString="Initial Catalog=MyDb;Data Source=MyServer;Integrated Security=SSPI;"/>
</connectionStrings> 
  • I came to make these changes, in VS it manages to connect taking my windows user and password. But when I publish a box appears in the Browser requesting the user and password, but never sure the connection with the bank, always fails.

  • That way it’s clearer to understand, I liked the explanation. + 1

  • @lionbtt, made the change in IIS too? take a look at this guide, maybe images will help you set up.

  • @Tobymosque, I made the change, I only left Windows Authentication enabled, but when I publish the msg Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. I saw that in the pool there is an option Identidade, don’t need to change anything there?

  • @lionbtt, try to use the most basic connectionstring possible, as in the example above, something else, I don’t think it’s a good idea to turn off the pool.

  • 1

    @lionbtt, finally try to use connectionString with Trusted_Connection instead of Integrated Security, these two options should be equivalent, but it costs nothing to try.

  • @Tobymosque changed the line but could not, always the same msg of error. I believe it is a mistake of the IIS, but I am with a bit of urgency and I will change the bank itself and log in as Randrade reported. Thanks for the help.

  • 1

    @lionbtt This error message is because it is trying to access the database with login 'NT AUTHORITY ANONYMOUS LOGON'. There are a few options, like this or change the application pool

  • @Randrade, the second option was the one that worked for me, inform a user and password fixed in the pool. The other even the user logging in is not right. Personal Thank you!

  • Guys, now gave a different msg when logging in, I configured the Web.Config for windows authentication, created a new pool all right. Now he’s trying to get the name of my machine and not the user. the name of my machine is densenvolvedor1, and the windows user is developer domain, and this giving this msg error Login failed for user 'dominio\desenvolvedor1$'.

Show 5 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.