1

I have created a web application in Visual Studio 2010 using C#.

I have two web pages, and the web application is hosted on a machine that has joined a domain, WATSON.

The first web page is basically the login page. The end user will enter their username and password, select their domain and click submit.

Now, the problem is that although I use the following code to authenticate the user, I do not know how I should store the authenticated result.

using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, txtboxDomain.Text))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials(txtboxUser.Text, txtboxPass.Text);
}

I thought of storing the authenticated result as a cookie, but I run the risk that the end-user might disable the cookie setting or try something funny with the cookie.

Also, I can't possibly put the login page on each of the web pages that my web application has.

Also, suppose I redirect the end-user who has successfully authenticated to another aspx page; the end-user might just bookmark that aspx page. So, next time, the end-user will just go straight to the aspx page without going to the Login page. Then the end-user will not need to log in, which is what I don't want to happen.

So, how should I go about ensuring that only the correct and rightful users are able to access the other aspx page?

Jack
  • Would you be fine with it if your application were configured with Windows authentication, where a login page is not required any more? – Gregor Primar Oct 05 '12 at 05:57
  • @GregorPrimar, actually the web application has the Windows authentication option enabled in IIS. However, the problem is that the end-user may be logging into the web application from their home computer. Therefore, I was wondering what will happen, and that is why I asked this question. – Jack Oct 05 '12 at 06:01
  • If you create a new "Web Application" project in Visual Studio 2010, it includes a fair amount of code to create a default instance of Forms Authentication. I'd start there. – Tieson T. Oct 05 '12 at 06:02
  • @TiesonT., may I know if you are referring to this page - http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.100).aspx – Jack Oct 05 '12 at 06:04
  • It's not a good idea to pass domain credentials over the web. I would use something like a VPN connection for users that need to work from home. When the VPN connection is established, the user will join the network with specific domain credentials. – Gregor Primar Oct 05 '12 at 06:05
  • @Jack That page will get you started using Forms authentication, yes. – Tieson T. Oct 05 '12 at 06:06
  • Thanks Gregor Primar and Tieson T for pointing me in the right direction. I will see how things go along. :) – Jack Oct 05 '12 at 06:08

1 Answer

0

Take a look at one of my answers on how you can set Windows authentication at the application level:

WindowsIdentity and Classic .Net App Pool

And here is another link on how you can limit user access to specific pages; it might come in handy:

How to restrict unlogged/unauthorized users from viewing web pages in ASP.NET

Gregor Primar
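
The Forms authentication route suggested in the comments, combined with the question's `ValidateCredentials` call, as an added example that is not part of the original question or answer. The handler name `btnSubmit_Click`, the label `lblError` and the web.config values shown in the comments are assumptions; with `<deny users="?" />` a bookmarked page sends an unauthenticated visitor back to the login page, and the forms ticket cookie is encrypted and integrity-checked by ASP.NET by default.

```csharp
// Added example for Login.aspx.cs. txtboxDomain/txtboxUser/txtboxPass are from the question;
// btnSubmit_Click and lblError are assumed names.
// Assumed web.config, inside <system.web>:
//   <authentication mode="Forms">
//     <forms loginUrl="~/Login.aspx" timeout="20" requireSSL="true" />
//   </authentication>
//   <authorization><deny users="?" /></authorization>
using System;
using System.DirectoryServices.AccountManagement;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        bool isValid;
        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain, txtboxDomain.Text))
            {
                isValid = pc.ValidateCredentials(txtboxUser.Text, txtboxPass.Text);
            }
        }
        catch (PrincipalServerDownException)
        {
            isValid = false; // unknown or unreachable domain: fail closed
        }

        if (!isValid)
        {
            lblError.Text = "Invalid user name, password or domain."; // one message for every failure
            return;
        }

        // Issue the forms ticket as a session (non-persistent) cookie; the password
        // itself is never stored, only the authenticated identity name.
        FormsAuthentication.SetAuthCookie(txtboxDomain.Text + "\\" + txtboxUser.Text, false);

        // Follow ReturnUrl only when it is a local path, to avoid an open redirect.
        string returnUrl = Request.QueryString["ReturnUrl"];
        bool isLocal = !string.IsNullOrEmpty(returnUrl) && returnUrl.StartsWith("/")
            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\");
        Response.Redirect(isLocal ? returnUrl : FormsAuthentication.DefaultUrl);
    }
}
```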