Windows Authentication Bypass

Question

Windows Authentication Bypass

I have an ASP.NET intranet application configured to run in Windows Integrated Authentication mode. It worked fine until recently, when the need arose.

What is needed for an intranet to be checked for availability by using the availability check, which is a Windows service. What checker does goes to the ASP.NET page and checks the response object. Since the Windows service does not work with the domain user account, it receives

The remote server returned an error: (401) Unauthorized.

I am considering adding a new asp.net page for verification, and I want to tell the system not to authenticate it. But I believe that authentication takes place before the application even gets the opportunity to view the page, that error 401 is returned before the application code "sees" the page.

What are my options for this?

Thank!

John

+5

authentication windows asp.net

John Aug 9 '12 at 20:41

source share

2 answers

Jupaol · Answer 1 · 2012-08-09T21:06:49+0000

Besides adding a new folder, as @GordonBell commented, you can use the element locationin the root web.config file.

Example:

  <location path="YourFile.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

Gordon bell · Answer 2 · 2012-08-09T20:53:16+0000

Try the following:

Add a new folder to your site (for example: / Check)

Enter / Verify, create a new web.config containing:

<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow users="?"/>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>

Then everything you access in / Check should not be authenticated.

Windows Authentication Bypass

More articles: