I have an MVC application in C#. I need it to prompt the default browser authentication login popup, as in the image below.

Then the application is supposed to validate it with the Active Directory and get some other information regarding the user from the AD.

I have no issue in validating and getting the user information from AD if I have the username.

So my question is how can I make the browser prompt such modal dialog and how can I access the user's input to validate it with my AD?

Here is what I have so far. The code will only get the username from the logon user and won't prompt the pop up:

```csharp
private string GetUsernameFromLogon()
{
    string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    int index = userName.LastIndexOf("\\");
    if (index > 0)
        return userName.Substring(index + 1);
    else
        return null;
}
```
sicKo
  • Does this answer your question? [User.IsInRole() work in MVC C# class](https://stackoverflow.com/questions/14259063/user-isinrole-work-in-mvc-c-sharp-class) – Cleptus Apr 14 '20 at 10:28
  • @bradbury9 nope. I've tried that and it doesn't pop up the modal – sicKo Apr 14 '20 at 10:30
  • The popup should be configured at application level (web.config / IIS); it is not application provided but web browser provided. [Check this answer](https://stackoverflow.com/questions/17224174/windows-authentication-for-asp-net-mvc-4-how-it-works-how-to-test-it) – Cleptus Apr 14 '20 at 10:39

1 Answer

The browser needs to be told that it must provide basic authentication in subsequent HTTP requests. To do that, you need to set the HTTP header:

"WWW-Authenticate", "Basic"

This will inform the browser that the next request will have basic auth creds.

Here is a C# example:

```csharp
Response.Clear();
Response.StatusCode = (Int32)HttpStatusCode.Unauthorized;
Response.AddHeader("WWW-Authenticate", "Basic");
```
Joel
  • Is it okay if I want to place this code in the global.asax file? In which method is it best to place this code? – sicKo Apr 14 '20 at 10:20
  • It goes in the same controller action as you validate the auth. Check if the basic auth header is there, if so, validate it against AD, if not return the response with HTTP401 Unauthorised, and set the WWW-Authenticate header – Joel Apr 14 '20 at 10:27
  • So from there, how do I get the credential that the user keys in so that I can validate it with the AD? – sicKo Apr 14 '20 at 10:28
  • There will be a header on the request, which will be available in your controller. The header key will be "Authorization". It will be base64 encoded, with username and password separated by a colon – Joel Apr 14 '20 at 10:31
  • I wonder if this is an XY situation [What is the XY problem?](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). It is far easier configuring "use windows authentication" and let the web server/browser do all the job. The browser provides the credentials, the server checks them, and you in the application can check the user authenticated – Cleptus Apr 14 '20 at 11:06
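
The flow described in the answer and its comments (challenge with 401, then read the `Authorization` header, decode it and check it against AD), as an added example that is not part of the original posts. It assumes ASP.NET MVC 5 (`System.Web.Mvc`) with a reference to `System.DirectoryServices.AccountManagement`; the controller name, the `EXAMPLE` domain and the `Intranet` realm are placeholders.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Net;
using System.Text;
using System.Web.Mvc;

public class LoginController : Controller // hypothetical controller name
{
    private const string AdDomain = "EXAMPLE"; // placeholder: your AD domain
    public ActionResult Index()
    {
        // Basic credentials are only base64-encoded, so refuse to read them over plain HTTP.
        if (!Request.IsSecureConnection)
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden, "HTTPS required");
        string user, password;
        if (!TryParseBasic(Request.Headers["Authorization"], out user, out password)
            || !ValidateAgainstAd(user, password))
        {
            // Missing or rejected credentials: challenge, which makes the browser show its dialog.
            Response.AddHeader("WWW-Authenticate", "Basic realm=\"Intranet\"");
            return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
        }
        return Content("Authenticated", "text/plain");
    }

    // Parses "Basic base64(username:password)"; returns false for anything malformed.
    internal static bool TryParseBasic(string header, out string user, out string password)
    {
        user = password = null;
        const string scheme = "Basic ";
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(scheme.Length).Trim())); }
        catch (FormatException) { return false; }
        int colon = decoded.IndexOf(':'); // split on the first colon; passwords may contain ':'
        if (colon <= 0) return false;     // no separator, or empty username
        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }

    private static bool ValidateAgainstAd(string user, string password)
    {
        if (password.Length == 0) return false; // never hand an empty password to the directory
        using (var context = new PrincipalContext(ContextType.Domain, AdDomain))
            return context.ValidateCredentials(user, password);
    }
}
```

The browser caches Basic credentials and resends them on every request to the same realm, so the check runs per request and there is no server-side logout.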