ASP . NET MVC - Windows Authentication - Browser Authentication Form

Asked

Viewed 928 times

1

I am developing an ASP . NET MVC application whose access permissions will be managed from parameters set for users on Active Directory (AD).

To search for this data from AD I developed methods that send the user’s Username (in our case a registration) and return the complete data (department, full name, etc.).

Authentication is performed through the Windows Authentication, and the Username I search through the following code in the method Session_start class Global.asax:

var matricula = (Request.IsLocal && HttpContext.Current.IsDebuggingEnabled) ? Environment.UserName : User.Identity.Name.Split('\\')[1];

My web.config is configured as follows:

<system.web>
  <compilation debug="true" targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" />
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

The point is that even using the Windows authentication the system opens back and forth an authentication form generated by the browser, in which the user enters his user and password to occur the re-authentication in the company’s network.

Note: In the company we basically use the Mozilla Firefox and the IE (the Chrome is used in only a few units/branches). We need the authentication rule to fit both browsers. The tests I did were on Firefox.

However, considering that this is an application on the company’s intranet, the business rules and the fact that the user has already logged in to the domain of the company, we felt that such a need for authentication should not be necessary.

Considering this situation, I ask for help to clarify if there is any configuration error in the project that is causing this sporadic opening of the Browser authentication form or if any configuration is missing.

  • Which browser are you using for testing Windows Authentication?

  • Good afternoon. Here they use Firefox and IE in every company, so the system should run with these rules in both browsers. The tests were done with Firefox. I will update the question with this info.

1 answer

1

Since you don’t need a login screen, just create an ASP.NET MVC project and change the authentication type, to Windows Authentication:

inserir a descrição da imagem aqui

When you run the Code, you will have the domain/user through the code below in the View created by ASP.NET:

@User.Identity.Name

Access User in Controller

Just use the code below, you will have the user logged in:

var User = HttpContext.User.Identity.Name

[Edit]

Based on editing your question, as you just want to remove the login pop-up, you should make some settings on IIS:

  • Disable anonymous authentication (when you open your website settings, you are in Authentication).
  • And still in authentication, you must enable windows authentication
  • And the IIS server and client must be in the same domain.

The rest is okay.

  • Hello to Cassio. I appreciate your reply, but as I pointed out in the question posted, I already know the Windows Authentication solution and use it in my projects, being the question precisely the fact that even if using this integrated option of authentication the browser opens a form for the user to authenticate with the login and password of the Windows network. My question is precisely whether there is an option to use anonymous authentication and take user data or else a way for Windows Authentication to use user login on the station and not browser authentication data.

  • Arthur, could you show me how your web.config <system.web> works

  • Hello Cassio, I reformulated the question to clarify my question about the authentication form using the Windows Authentication option and put the <system.web>.

  • edited my answer

Browser other questions tagged

You are not signed in. Login or sign up in order to post.