Overriding windows authentication for a .NET application
- by JoshReedSchramm
I have a .NET application where the homepage (default.aspx) should be accessible by anyone. There is also a reporting page (reporting.aspx) that I want to secure via windows authentication and only allow access to a particular set of AD groups.
Right now the way my web.config is setup it is securing the reporting page but on the home page it prompts the user for login credentials. If they hit esc they can continue to the page though so it isnt actually securing it.
I need to prevent it from prompting the user. How do i need to setup my config.
Here is what i have now -
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow roles="BUILTIN\Administrators, DomainName\Manager" />
<deny users="?" />
</authorization>
...MORE STUFF...
</system.web>
<location path="default.aspx">
<system.web>
<identity impersonate="false" />
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>