Overriding windows authentication for a .NET application
Posted
by JoshReedSchramm
on Stack Overflow
See other posts from Stack Overflow
or by JoshReedSchramm
Published on 2010-03-18T19:36:24Z
Indexed on
2010/03/18
19:41 UTC
Read the original article
Hit count: 425
I have a .NET application where the homepage (default.aspx) should be accessible by anyone. There is also a reporting page (reporting.aspx) that I want to secure via windows authentication and only allow access to a particular set of AD groups.
Right now the way my web.config is setup it is securing the reporting page but on the home page it prompts the user for login credentials. If they hit esc they can continue to the page though so it isnt actually securing it.
I need to prevent it from prompting the user. How do i need to setup my config.
Here is what i have now -
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow roles="BUILTIN\Administrators, DomainName\Manager" />
<deny users="?" />
</authorization>
...MORE STUFF...
</system.web>
<location path="default.aspx">
<system.web>
<identity impersonate="false" />
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
© Stack Overflow or respective owner