can we have authentication mode="Forms" in the web.config file and have Integrated Windows Authentication in the IIS?

 Hello,

This might be a strange question, but can we have authentication mode="Forms" in the web.config file and have Integrated Windows Authentication in the IIS?

Do people do that? Is it common to do that, and in what cases?

Normally, if we have authentication mode="Forms" in the web.config file, then we keep Anonymous Access in the IIS.

Thanks if you can explain this.... 

0
sahajMarg
8/28/2008 8:51:05 PM

Windows authentication and forms authentication are completely different authentication mechanisms. For forms authentication, the user credentials are accepted from the user, whereas Windows uses the authentication mechanism of the client browser and IIS.

 Integrated Windows Authentication is best suited for an intranet application. Also, ASP.NET implements additional authentication schemes using authentication providers, which are separate from and apply only after the IIS authentication schemes. Don't know if a combination of this would really work.

 There is another observation: I have seen cases wherein the authentication mode in web.config is none. In IIS, both the Anonymous access and the integrated access are checked. So this makes me feel that web.config actually overrides the settings in IIS. This can also be seen with the settings of ScriptTimeout in IIS and httpRuntime of web.config.

Raghu

0
ragsofblr
8/29/2008 4:48:04 AM

 What if in the web.config the authentication is None and IIS is checked for Integrated Windows authentication and Anonymous?

What will that do? I am curious. Also, you mentioned that web.config will override, so that means that practically there is no security, as in the config it is NONE.

0
sahajMarg
8/29/2008 1:26:10 PM

 Yes you can. But read this carefully:

Authentication in ASP.NET is different than IIS authentication. You can use ASP.NET Forms authentication to authenticate your users in a web page.

On the other hand, if you have IIS authentication, you have the options to manage the users that can access your web server.

Regards


Christian Manuel Amado Silva
[MCITP] Windows Vista Consumer Support Technician
[MCTS] Windows Vista, Configuration
[MCTS] Microsoft SQL Server 2005
[MOS] Microsoft Office Specialist
[MSP] Microsoft Student Partner

Mark a post as an answer when it is
0
NecroxPy
8/29/2008 1:31:51 PM

Forgetting about asp.net and web.config settings, what does Integrated Windows authentication and Anonymous both checked mean?

0
sahajMarg
8/29/2008 1:37:48 PM

Hi sahajMarg,

Forgetting about asp.net and web.config settings, what does Integrated Windows authentication and Anonymous both checked mean?

It doesn't make much sense when you enable both Windows Integrated and Anonymous authentication.

As we know, if the ASP.NET application requires Windows authentication, the authentication is done by IIS, not by the application itself. In other words, if the request can be authorized by IIS, it can access the ASP.NET application. Actually, IIS will use anonymous authentication when it is enabled by default. That means if you enable anonymous authentication, all the requests will be authorized by IIS to access the ASP.NET application. If you only enable Windows authentication, the domain users can access it while the anonymous users can't.

Therefore, it's recommended to enable one of them to implement expected authentication.

Thanks.


David Qian
Microsoft Online Community Support

Please remember to mark the replies as answers if they help and unmark them if they provide no help.
0
Wencui
9/2/2008 8:59:33 AM

 It makes much sense when you want to have extranet users and intranet users, so you can share the cookie with the form authentication and don't make 2 sites.

0
chocolim
4/8/2009 7:28:53 PM
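
The shared-cookie arrangement mentioned in the last reply, sketched as an added example that is not code from any poster in this thread: one page is protected by IIS Integrated Windows Authentication and hands the IIS-verified identity over to ASP.NET Forms authentication. The page name WinLogin.aspx is hypothetical, and the example assumes that web.config has authentication mode="Forms" with loginUrl pointing at the normal forms login page, and that only this one page has Anonymous Access unchecked in IIS.

```csharp
// WinLogin.aspx.cs -- hypothetical page name; added example, not from the thread.
// Assumptions (configured outside this file):
//   * web.config: <authentication mode="Forms"> with loginUrl set to the
//     ordinary forms login page (NOT this page, or the fallback below loops).
//   * IIS: this page only has Anonymous Access unchecked and Integrated
//     Windows Authentication checked; the rest of the site stays anonymous
//     at the IIS layer and is protected by Forms authentication.
using System;
using System.Web.Security;
using System.Web.UI;

public partial class WinLogin : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // IIS fills LOGON_USER only when IIS itself authenticated the request.
        // It is empty when the request was served under Anonymous Access.
        string logonUser = Request.ServerVariables["LOGON_USER"];

        if (string.IsNullOrEmpty(logonUser))
        {
            // Anonymous Access is still enabled for this page, so no Windows
            // identity is available. Never issue a ticket in this case;
            // send the user to the forms login page instead.
            FormsAuthentication.RedirectToLoginPage();
            return; // RedirectToLoginPage does not end the request by itself
        }

        // Intranet user already verified by IIS (DOMAIN\user). Issue the same
        // Forms authentication cookie that the forms login page issues, so
        // both user populations share one session mechanism and one site.
        // false = session cookie, not a persistent one.
        FormsAuthentication.RedirectFromLoginPage(logonUser, false);
    }
}
```

The empty LOGON_USER branch is the check that matters: if Anonymous Access is left checked on this page, IIS never challenges the browser, so the page must fall back to the forms login rather than issue a ticket.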