Instant (Windows) Authentication

A crucial aspect of any Intranet / company level Web Application is controlling user access. To properly implement user access control you must first have users authenticate themselves with your application. Fortunately, Windows Authentication in ASP .NET makes this process easier and more user-friendly.

By enabling “Integrated Windows Authentication” in IIS, you can access the Windows authentication credentials of a user accessing your site without asking for their username and password. The automatic authentication appears to only work with Internet Explorer, but in the event that someone is using a different browser or they are not properly authenticated in Windows, a login dialog will be displayed before the user can proceed.

After enabling this feature in IIS, create a web.config file in the root of your ASP .NET application with the following directives:


...
<system.web>
    ...
    <authentication mode="Windows" />
    ...
    <authorization>
        <deny users="?" />
    </authorization>
    ...
</system.web>
...

The deny directive does exactly what it implies: it denies access to users matching the specified value. A value of “?” signifies anonymous users. You can also use the wildcard “*” for all users, which, if used in conjunction with specific allow directives, will grant access only to those specified users.
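The allow-plus-wildcard pattern described above, written out as a full web.config. This is an added example, not part of the original article; the CONTOSO domain, the account and group names, and the Reports folder are assumed placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins,
           so the allow entries must come before the catch-all deny. -->
      <allow users="CONTOSO\jsmith, CONTOSO\akhan" />
      <!-- With Windows authentication, roles are Windows groups. -->
      <allow roles="CONTOSO\IntranetAdmins" />
      <!-- Everyone not matched above, anonymous or authenticated. -->
      <deny users="*" />

      <!-- Two orderings to avoid:
           1. deny users="*" placed first: it matches every request,
              so the allow entries below it are never reached.
           2. allow entries with no deny at the end: the inherited
              machine-level default is allow users="*", so any
              unmatched user is let in as well. -->
    </authorization>
  </system.web>

  <!-- A subfolder can carry a stricter rule set of its own. -->
  <location path="Reports">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\Finance" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

To confirm the rules behave as intended, request a page with an account outside the allowed users and groups and check that IIS returns 401 rather than the page.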

Now your ASP .NET application will not process a page until the user is properly authenticated, and inside your application you can access user-related data via the User property:


' With Windows authentication, Name is in DOMAIN\username form.
Dim username As String
username = User.Identity.Name

For the complete reference of User and User.Identity specifications check out the following MSDN pages:

WindowsIdentity Object

WindowsPrincipal Object

Michael Marr
Michael Marr is a staff writer for WebProNews
