As my first "sizable" project, I got to work on .NET with C# for the first time. This project was meant to be used by the company employees. So, authenticating users based on their intranet domain credentials was a requirement. To achieve this,i used Windows Authentication with IIS(Internet Information Services) and .NET . In this post, I'll describe how to do this step by step. I'll be using IIS 6 and Visual Studio 2012 for the explanations.
First things first, you need to setup IIS in your Windows machine. To do so, go to Control Panel > Programs and Features. and select Turn Windows Features on or off. Then tick the checkbox for Internet Information Services and click OK.
Then create a new ASP.NET MVC 4 Web Application in VS2012. If you want a basic application, you can do that, or just create a "Internet Application" to proceed with.
Go to the solution's main project and open the Web.config file. in that, find the tag with the name system.web. Now, create a new tag "authentication" inside the scope of system.web. Add an attribute to the newly added tag, mode="Windows".
NOTE : You may already have an authentication tag in your web.config file. In that case,just change the mode into Windows and comment out or remove any <form .... /> kind of tags if you have any.
Now, open IIS Manager from the programs. You may see something like this;
click on the Application Pools, and you may see the list of application pools/environments you have there.if you don't have any, click Add Application Pool on the upper right corner and choose the .NET version you use(in my case, it's v4.0 ). If You don't see your version in the list, you probably have to register your .NET version with IIS. To do this, follow these steps;
- Open Command Prompt
- Change directory to "C:\Windows\Microsoft.NET\Framework64\v4.0.30319"(use Framework instead of Framework64 if you have a 32bit OS)
- Type aspnet_regiis.exe -ir and press Enter(you can use -i if there are no other web sites in the IIS or IIS is freshly installed)
Now the version should be available. You can then right click on the Sites folder and add your .NET MVC Web Application as a new Web site.
Fill out the necessary details in Site Name and Content Directory sections, leave the rest intact. Select an app pool with a compatible .NET version. Give the path to your .NET project as the Physical Path.
Or, you can right click your project in the Visual Studio and go to Properties>Web. in Servers section, click on "Use Local IIS Web Server" and save. you'll be prompted to ask for permission to create a virtual directory,accept it.
Now,try to run your project by clicking the green arrow at the top panel, it probably contains your primary debugging option as in mine it is "Google Chrome".
When you run this for the first time, you may get some error like this(most probably if you created a Internet Application instead of Basic. i'm not so sure of it though);
Basically what happens is that we are directed to a "login.aspx" page even if we are not calling it at the beginning of the application( you can check that out in the project). The way i found out to resolve this was removing some ".dll" files from your References. Click on the References component and locate two dll files in there with names WebMatrix.WebData and WebMatrix.Data. select those and remove them.
Now you'll get some errors in your project. because we remove those 2 dll files, some of the user authentication processes can't run.so the auto generated Account class will give and error and the class InitialzeSimpleMembershipAttributes will also throw some errors.
as we don't need any other authentication, we can delete those files as well. but for the time being, just comment out the lines which gives you errors and build your solution. Now it should build without any error and run your project again. This time, it will go to your Home page just fine(but without any authentication).
Ok,now it's time to add the magic to the application. Go to IIS again, click on the server icon and then select authentication icon from the panel.
After that, you should see a list like this;
if you don't have the options Windows Authentication or Basic Authentication, just go to "Add Programs and Features" and tick these options under IIS folder icon. Then right click on the Windows Authentication and make it enable.also make Anonymous Authentication disable.
after that, do this exactly same steps clicking your web site icon too(probably their settings are automatically changed to enable windows authentication. but check nonetheless). Refresh the server and restart the site by clicking on them and then selecting options on the rightmost panel.
Now you should get a prompt before the homepage is displayed.(sorry i put a screen with mozilla, but chrome had already memorized my credentials and therefore didn't popup the login box)
And that's it! :D. Now you can provide more secure login mechanism to users without having to memorize an additional set of usernames and passwords!.
You can also get the logged in user's name. That might come in handy if you are providing services based on employee levels. So you can check out which user has logged in and provide only necessary services to him/her.
To get the user in your C# code, use;
string name=User.Identity.Name;
Or, in your cshtml code, use;
@User.Identity.Name
I used the above code snippet to display my domain name in the home page. the result was as follows.
Okay guys, it was kind of a lengthy post. Sorry about that. Try this and see if you can get this to work. Happy Coding!!! :D
No comments :
Post a Comment