Windows authentication for Intranet/Internet

Question

I am developing an ASP.net web application for my company. Some users use this site in internal network and some will use internet site. I am usin Windows Authentication mode.

I no need to prompt windows authentication mode for intranet user and prompt windows authentication mode for internet user.

How can I do this.

Answer 1

As far as I know windows authentication can be used only for the intranet but you can also include forms authentication to authenticate internet users. This page has some info and a link for a tutorial on how to do this.

Answer 2

I would likely deploy the application on two different servers. windows authentication on a server inside the firewall that is accessible and avaible to windows authenticated users. on the public face, you set the web config to use forms authentication and then worry about securing the connection to the backend.

however, if you want to use a single server for this you might want to read this MSDN article : Mixing Forms and Windows Security in ASP.NET

Answer 3

Based on what your are describing, Windows Authentication in IIS will do the trick.

First some links:

• Technet as an article about the Windows Authentication in IIS here
• MSDN tells you how to use Windows Authentication with ASP.NET 2.0 applications here

However note the following:

Single singon (i.e. accessing the application without providing a username and password) will occur if all the following are true:

• The client computer and the server are part of the same Active Directory domain.
• The user session on the client computer is a user from the AD domain.
• The client computer has access to a domain server (i.e. the server responsible for the user login)
• The browser is Internet Explorer.
• The URL used points to the FQDN of the server (i.e. http://SERVERNAME.DOMAIN.NAME/ not just http://SERVERNAME/
• The authorized users must have read access to the application directory if you are using impersonate. The application will be running with their credential basically. (more details in the MSDN article)

Under any other cicompstances the user will be prompted for credential (username and password) for an account within the Active Directory Domain. So user accessing your webserver from the internet would get a popup asking them to provide a username and password.

Be advise that for user not using single signon (user being prompted for username and password) the HTTP authentication mode will most likely be BASIC which mean that any body that can intercept that connection will be able to see the username and password being exchanged. If you go with this technique make that the connection between client and server is encrypted (HTTPS or maybe a VPN).

Answer 4

Make sure your webserver is running on a domain and all your Intranet users have read access to the folder containing your website on the Web server.

Then, make sure you have in your web.config (assuming you want to detect which domain user is accessing your site.

Finally, open the IIS manager and right-click the website and choose "Properties". From there click the "Directory Security" tab and click "Edit" by Authentication and Access Control. Uncheck "Anonymous Access" and make sure "Integrated Windows Authentication" is checked. This should make the website behave as expected (assuming your intranet clients use IE)