Introduction
In this article I am describing authentication and authorization for intranet applications using the ASP.NET Web application based on the MVC project template. This intranet application is developed with MVC 4.
There are two main processes used in this application. When a user visits a web site, the process of identifying the user is called Authentication. It is used in combination with Authorization. Authorization is the process of granting the permission to the user. At first any user is authenticated by the ASP.NET then authorized for the resource.
In that context, Windows Authentication is used to access the Intranet Application. If the user is not authorized for the web application, then you do not use the Windows Authentication.
Prerequisites
- Microsoft Visual Studio 2010
- MVC 3 or MVC 4
- IIS 7
Let's start to develop the application with the following sections:
- Intranet Application
- IIS Configuration
- Windows Authentication Configuration
- Accessing Controller
Intranet Application
Create an ASP.NET Web Application using the intranet with the following steps.
Step 1: Open Visual Studio and create a new project as in the following:
![NewProject.jpg]()
Step 2: Select an Intranet Application
![IntranetAppTemplate.jpg]()
Step 3: Debug your application
![HomePage.jpg]()
You can see your workgroup name on the top-right corner of the page.
Step 4: Open the _Layout.cshtml page from the View\Shared folder and modify your <header> code with the following code:
<header>
<div class="content-wrapper">
<div class="float-left">Environment.UserName : @Environment.UserName
<p class="site-title">@Html.ActionLink("Mvc Intranet", "Index", "Home")</p>
</div>
<div class="float-right">
<section id="login">Hello, <span class="username">
@User.Identity.Name</span>!
</section>
<nav>
<ul id="menu">
<li>@Html.ActionLink("Home", "Index", "Home")</li>
<li>@Html.ActionLink("About", "About", "Home")</li>
<li>@Html.ActionLink("Contact", "Contact", "Home")</li>
</ul>
</nav>
</div>
</div>
</header>
Step 5: Debug your application
![HomePage2.jpg]()
IIS Configuration
Let's start the IIS Configuration using the following procedure.
Step 1: Choose IIS Express by right-clicking on your project in the Solution Explorer.
![IISExpress.jpg]()
Step 2: The wizard appears, to confirm the configuration. Click on Yes.
![DialogueBox.jpg]()
Step 3: Select your project and open the Properties window. Do as shown below:
![Properties.jpg]()
Step 4: Debug your application.
Windows Authentication Configuration
Step 1: In your Solution Explorer, select your project and press Alt+Enter to open Properties.
Step 2: Open the Web tab and do as shown below:
![WebProperties.jpg]()
Step 3: To start the Windows Authentication, check the Windows Features:
![WindowsFeatures.jpg]()
Step 4: Open IIS Manager and follow the instructions given below:
- Adding Application
![AdApplication.jpg]()
- Alias and App Pool
Give the alias name for your application and select the application pool that has the 4.0 Framework.
![AddApp2.jpg]()
Note: Please check that the App Pool status is started or not. The same as for your site.
![AppPool.jpg]()
- Browse Application
Select your application and browse it.
![Browse.jpg]()
![BrowsebyIIS.jpg]()
Step 5: In IIS Manager select your application and follow the instructions given below:
- In IIS, Open the Authentication option
![Authentication.jpg]()
- Disable the Anonymous Authentication and Enable the Windows Authentication
![WindowsAuthentication.jpg]()
Accessing Controller
In this section you can provide the Windows Authentication for any controller defined in your Intranet Application. For this you need to add an attribute named AuthorizeAttribute above the controller. So follow the steps below to authenticate your controller.
Step 1: Open your HomeController.cs file and modify your file with the following code:
public class HomeController : Controller
{
public ActionResult Index()
{
ViewBag.Message = "Modify this template to jump-start your ASP.NET MVC application.";
return View();
}
[Authorize(Users = "Nimit")]
public ActionResult About()
{
ViewBag.Message = "Your app description page.";
return View();
}
public ActionResult Contact()
{
ViewBag.Message = "Your contact page.";
return View();
}
}
Step 2: Browse your application by IIS. You can check that, if you open the About Controller, Authentication is required, but no authentication for the Contact Controller.
![BrowseAuthentication.jpg]()
Summary
In the preceding article I described the IIS Configuration, Windows Authentication, IIS Application, Controller Access and all this is done with the Intranet Application developed in MVC 4. So go for this and enjoy. Thanks for reading.