Overriding windows authentication for a .NET application

Posted by JoshReedSchramm on Stack Overflow See other posts from Stack Overflow or by JoshReedSchramm
Published on 2010-03-18T19:36:24Z Indexed on 2010/03/18 19:41 UTC
Read the original article Hit count: 425

I have a .NET application where the homepage (default.aspx) should be accessible by anyone. There is also a reporting page (reporting.aspx) that I want to secure via windows authentication and only allow access to a particular set of AD groups.

Right now the way my web.config is setup it is securing the reporting page but on the home page it prompts the user for login credentials. If they hit esc they can continue to the page though so it isnt actually securing it.

I need to prevent it from prompting the user. How do i need to setup my config.

Here is what i have now -

<system.web>    
    <authentication mode="Windows" />
    <identity impersonate="true" />
    <authorization>
        <allow roles="BUILTIN\Administrators, DomainName\Manager" />
        <deny users="?" />
    </authorization>    
...MORE STUFF...
</system.web>
<location path="default.aspx">
    <system.web>            
        <identity impersonate="false" />
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

© Stack Overflow or respective owner

Related posts about .NET

Related posts about authentication