When does ASP.NET authentication occur?

I have an application where I display every Active Directory group that the current user belongs to. When I have my config setup like this:

    <authentication mode="Windows"/>
    <authorization>
        <deny users="?"/>
        <allow users="*"/>
    </authorization>

It works fine. When it's like this:

    <authentication mode="Windows"/>
    <authorization>
        <!--<deny users="?"/>-->
        <allow users="*"/>
    </authorization>

No groups are found. Why does this make a difference? Does asp.net only authenticate if we are specifically denying access to unauthenticated users?

If it helps this is how i'm getting the groups:

    protected string GetUserGroups()
    {
        StringBuilder userGroups = new StringBuilder();
        ArrayList groupMembers = new ArrayList();
        DirectoryEntry root = new DirectoryEntry("LDAP://myldap/DC=nc,DC=local");
        DirectorySearcher ds = new DirectorySearcher(root);
        ds.Filter = String.Format("(&(samaccountname={0})(objectClass=person))", User.Identity.Name.Substring(User.Identity.Name.LastIndexOf(@"\") + 1));
        ds.PropertiesToLoad.Add("memberof");
        try
        {
            foreach (SearchResult sr in ds.FindAll())
            {
                foreach (string str in sr.Properties["memberof"])
                {
                    string str2 = str.Substring(str.IndexOf("=") + 1, str.IndexOf(",") - str.IndexOf("=") - 1);
                    groupMembers.Add(str2);
                }
            }
        }
        catch
        {
            //ignore if any properties found in AD  
        }
        return String.Join("|", (string[])groupMembers.ToArray(typeof(string)));
    }

Answers


I may be wrong, but I believe this is how it works:

The first time a browser hits a site it does so as anonymous.

If the server says that anonymous isn't allowed, the browser then sends the users windows credentials.

If those credentials don't pass muster, then the browser pops up the login box or (depending on the application) sends them over to a login page.

So, because your site allows anonymous, all of the users are coming in that way.


Need Your Help

How to get the nth place of PI using ruby BigMath

ruby

I am trying to solve a challenge that finds the first 10 digits within pi that are palindromic. To do this, I wanted to iterate through the index of the digits of pi to see if n = n..n+10 reversed...

Arduino + RN-42 Bluetooth module HID

c module bluetooth arduino hid

I am trying to make a "keyboard" with my Arduino Mini Pro and a RN-42 HID Bluetooth module. I can connect to it with my MacBook and it shows up as a Bluetooth keyboard. Also, I can press buttons an...