1

I have the following architecture:-

  • Active directory server
  • IIS which will host asp.net MVC
  • Both the Active directory and the MVC web application are inside our company intranet.
  • I set the Asp.net MVC authentication type to be windows based.

But I have these questions:-

  • If our company employees tries to access the asp.net MVC web application from their home using their personal PC; will windows authentication work?
  • If the above answer is Yes; then how they will be typing their usernames, Something similar to username@ domain.com ?
  • According to my above requirements, should I consider having form based authentication that is connected to AD? Instead of using windows based authentication?

Thanks for any help and advice Best Regards

John John
  • 1
  • 72
  • 238
  • 501

1 Answers1

5

Assuming your website in IIS is visible to the outside through the firewall, then yes it will be accessible from home

depending on the browser, you should get a pop up asking for username and password, and the username should be typed

MYDOMAIN\JOEBLOGGS

This setup may well work fine but it depends on your needs - is your network admin happy to open this server up to the outside world

There can be a quirk if using Internet explorer externally, where IE does not display a pop up box, and instead tries to authenticate with the local windows username, which may not match AD username if it is a personal PC (to get around this on the client, go to Internet Options > Security > Custom Level then scroll down to User Authentication and select 'Prompt for username and password'

JamieA
  • 1,984
  • 4
  • 27
  • 38
  • thanks a lot for your valuable reply. First of all yes I think the admin will allow us to publish the application to outside world (as there will not be other approach to follow to make the application available from any where). And my second question is there other approaches I can follow without having to depend on how each browser will react to the login. I mean will using form based authentication linked to AD a better approach? – John John Jun 05 '13 at 08:52
  • There is an approach detailed here http://stackoverflow.com/questions/2250921/mixing-forms-authentication-with-windows-authentication However, I have never tried this, I think if every user of your app is in active directory it would be preferable to manage their logon accounts centrally, rather than keep a separate table for forms authentication. – JamieA Jun 05 '13 at 09:02
  • thanks for the reply, but if the asp.net mvc is publish to the internet and it have a "windows based" authentication . Then a user access the application from his personal PC out side the company, then will asp.net MVC collect his personal domain username and try to connect with, or it will prompt him to enter s username and password? – John John Jun 06 '13 at 13:22
  • The user should be prompted for username and password, and the username should be prefixed by "mydomain\" . Like I said IE can try to authenticate with the local windows account, but the setting I described should prevent this from occurring. – JamieA Jun 07 '13 at 08:36