Support us .Net Basics C# SQL ASP.NET ADO.NET MVC Slides C# Programs Subscribe Buy DVD

Anonymous authentication in - Part 85

Suggested Videos
Part 82 - Application pools in IIS
Part 83 - Applications isolation using application pools
Part 84 - Application pools in IIS Security

Authentication is the process of identifying users. Authorization is the process of granting access to those users based on identity. Together, authentication and authorization secures our Web application.

Authentication - Who is the User?
Authorization - What rights the user has? What resources the user can access?

Most of the public web sites, does not ask the user to enter any user name and password. But still, we will be able to access the content of these web sites. ASP.NET Web applications provide anonymous access to resources on the server. Anonymous authentication allows users to access the public areas of the web site, without prompting the users for a user name or password.

Create an web application. Copy and paste the following code in the Page_Load() event of WebForm1.aspx.cs
Response.Write("Application code executed using ");
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name + "<br/>");

Response.Write("Is User Authenticated: ");
Response.Write(User.Identity.IsAuthenticated.ToString() + "<br/>");

Response.Write("Authentication Type, if Authenticated: ");
Response.Write(User.Identity.AuthenticationType + "<br/>");

Response.Write("User Name, if Authenticated: ");
Response.Write(User.Identity.Name + "<br/>");

Associate the web application, to the local IIS, instead of using the visual studio built-in development server. Use the DefaultAppPool as the application pool. For help on these topics, please check the following parts
Part 82 - Application pool in IIS
Part 83 - Applications isolation using application pools in IIS

In IIS 6.0
IUSR_ComputerName is used for providing anonymous access.

In IIS 7.0
IUSR account is used for providing anonymous access. 

By default anonymous authentication is enabled in IIS. To verify this
1. Open IIS
2. Expand the root node > Sites > Default Web Site
3. Select your web application
4. In the features window, dobule click "Authentication" icon
5. Notice that, anonymous authentication is enabled by default.

Run the application. Notice, that the application pool identity is used to execute the application code. In the next video session, we will discuss about impersonation with anonymous access.

To disable anonymous authentication, click "Disable" link under "actions" in the right hand side panel in IIS. 

To change the account that is associated with anonymous access, click "Edit" link under actions in the right hand side panel in IIS. Notice, that the default account is IUSR. This can be changed to a custom windows account or Application pool identity.

No comments:

Post a Comment

If you like this website, please share with your friends on facebook and Google+ and recommend us on google using the g+1 button on the top right hand corner.