How to enable Windows Authentication

[JEFF]

Greetings, I am trying to use Windows Authentication to control access to my
web app using information from
http://msdn.microsoft.com/en-us/library/ms998358.aspx. I have a very simple
page that has a single login control below. It compiles fine but when I run
it and authenticate with a known good user name and password from my local
machine I get the unhandled exception at the very end. If I remove the
comments from the connection string in the web.config I can authenticate
with using ASP.NET role user. Can someone give me a web.config that would
work in this scenario. I am using Windows 2003 server EE. Thanks in
advance.

Web Page:

<body>
<div>
<form id="form2" runat="server">
<asp:login id="mylogin" FailureText="login failed" runat="server"
Width="100%" OnLoggedIn="mylogin_LoggedIn">
</asp:login>
</form>
</div>
</body>

Web.Config (notice the commented out connection string)

<configuration>
<appSettings/>
<connectionStrings>
<!--<remove name="LocalSqlServer" />
<add name="LocalSqlServer" providerName="System.Data.SqlClient"
connectionString="server=.;database=aspnetdb;Integrated
Security=SSPI"></add>
<add name="LocalSqlServer" connectionString="data
source=.\MSSQLSERVER;Integrated Security=SSPI;AttachDBFilename=aspnetdb;User
Instance=true"
providerName="System.Data.SqlClient" /> -->
</connectionStrings>
<system.web>
<compilation debug="true"/>
<authentication mode="Windows"/>
</system.web>
</configuration>

Unhandled Exception:

An error has occurred while establishing a connection to the server. When
connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections.
(provider: SQL Network Interfaces, error: 25 - Connection string is not
valid)

 

[JEFF]

Thanks Alvin, either your missing something or I am missing something and I
think we have already established that I am missing something. I am new to
ASP.NET. I don't want to use SQL server. I don't need it, want it, or
care how to spell it. I am using Windows user accounts on my Windows 2003
server. These is doable right?

Your correct in that if i enable my sql connection string it works but that
is not my goal. I want to have a web application that authenticates with
Windows Local User accounts. That is possible correct?

Thanks for reading this!

 

[Norman Yuan]

If you use Window Authentication and you do not want to use .NET 2.0's SQL
membership provider (thus, no SQL Server), why you need a login page? Using
Windows authentication means you enable Windows Authentication in IIS and
your ASP.NET (Disable IIS's annonimous access, add <authentication
mode="Windows"/> to your web.config), then when the use logs on the computer
to use your ASP.NET, he/she is considered authenticated.

As for your error, if you did not use anything related with SQL Server, even
you do not comment out the <connectionString.../> part in the web.config,
you should not have that error. The error is clearly indicating that you did
used something related with SQL Server in your code (very likely it is the
SQL membership provider, since you are talking login page, but you do not
even know!). If you show your code, it would be easier to point it out.

 

[Mr. Arnold]

Thanks Alvin, either your missing something or I am missing something and
I think we have already established that I am missing something. I am new
to ASP.NET. I don't want to use SQL server. I don't need it, want
it, or care how to spell it. I am using Windows user accounts on my
Windows 2003 server. These is doable right?

If you were developing an Intranet solution and the Web Server was part of a
MS domain behind the firewall, it's doable with Windows authentication, as
the user would give their Windows user-id and psw for the domain to be
authenticated as a domain user, as the Web application using Windows
authentication does the challenge for credentials.

Your correct in that if i enable my sql connection string it works but
that is not my goal. I want to have a web application that authenticates
with Windows Local User accounts. That is possible correct?

If this is a Internet solution, out side the firewall and out side of the
domain, Web application that requires a user to give a user-id and psw to be
authenticated, then SQL server authentication must be used, whereas, the
user credentials are kept in a SQL Server table such as tblUser as an
example, and the user's login credentials are verified against the tblUser
table.

This would also mean that your SQL server usage would use a connection
string where Windows authentication would not be used, and a SQL server
user-id and psw authentication would be used, using a generic user-id and
psw that would be given in the connection string to be used by the Web
application so that all users can access SQL Server to be authenticated
against the User table.

You might want to look-up using Google on how to encrypt a Web.comfit file
as well.

 

[harborsparrow]

Forgive me if this is obvious, or anything, but you are using Internet
Explorer only, right? Firefox and other browsers just won't do
Windows Authentication.