R
Richard
I'm building an Intranet Web app to track our company's purchase orders. I
would like to have the employees use the app without being prompted for a
user name and pw, hoping to catch their identities from their Windows account.
Since it's an Intranet app, I'm using Windows authentication, and denying
anonymous access.
Here are the web.config settings for authentication and authorization:
<authentication mode="Windows" />
<identity impersonate="true"/>
<authorization>
<deny users="?" /> <!-- Allow all users -->
</authorization>
In my Page_load event, I am able to get the user's identity once he logs in
to the app, and then I pass that identity to a SQL Server db to retrieve
other info about the employee.
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
If Not Page.IsPostBack Then
Dim wp As WindowsPrincipal
If Page.User.Identity.IsAuthenticated AndAlso TypeOf
User.Identity Is WindowsIdentity Then
Try
wp = DirectCast(Page.User, WindowsPrincipal)
Session("FullDomainName") = wp.Identity.Name
'Check for valid employee in SQL Server db.
If IsValidEmployee(Session("FullDomainName"),
Session("ConnectStringSQL")) Then
'Welcome the user.
lblUser.Text = "Welcome " & Session("FirstName") & " "
& Session("LastName") & "!"
Catch ex As Exception
lblError.Text = ex.Message
imbCreatePO.Visible = False
imbTrackPO.Visible = False
imbApprovePO.Visible = False
End Try
End If
End If
End If
End Sub
What am I missing that is causing the app to display the prompt for a user
name and password? Shouldn't it recognize that the employee is already logged
in to Windows?
would like to have the employees use the app without being prompted for a
user name and pw, hoping to catch their identities from their Windows account.
Since it's an Intranet app, I'm using Windows authentication, and denying
anonymous access.
Here are the web.config settings for authentication and authorization:
<authentication mode="Windows" />
<identity impersonate="true"/>
<authorization>
<deny users="?" /> <!-- Allow all users -->
</authorization>
In my Page_load event, I am able to get the user's identity once he logs in
to the app, and then I pass that identity to a SQL Server db to retrieve
other info about the employee.
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
If Not Page.IsPostBack Then
Dim wp As WindowsPrincipal
If Page.User.Identity.IsAuthenticated AndAlso TypeOf
User.Identity Is WindowsIdentity Then
Try
wp = DirectCast(Page.User, WindowsPrincipal)
Session("FullDomainName") = wp.Identity.Name
'Check for valid employee in SQL Server db.
If IsValidEmployee(Session("FullDomainName"),
Session("ConnectStringSQL")) Then
'Welcome the user.
lblUser.Text = "Welcome " & Session("FirstName") & " "
& Session("LastName") & "!"
Catch ex As Exception
lblError.Text = ex.Message
imbCreatePO.Visible = False
imbTrackPO.Visible = False
imbApprovePO.Visible = False
End Try
End If
End If
End If
End Sub
What am I missing that is causing the app to display the prompt for a user
name and password? Shouldn't it recognize that the employee is already logged
in to Windows?