This article explains the concept of Windows Authentication in ASP.NET. This article requires a basic understanding of authentication systems in ASP.NET processes. If you are experienced with form authentication then you might have a clear concept of the authentication mechanism.
There are some advantages and disadvantages of all authentication mechanisms and Windows Authentication is no exception.
One good advantage of Windows Authentication is it's security. Your web application will enjoy the same security policy that the Windows OS uses.
And another advantage of Windows Authentication is, the user's credentials will not travel over the internet so there is less security issues from the data transfer.
So, let's implement a simple Windows Authentication in our web application. I have created a web application. It contains one and only one page, as in the following.
![web application]()
And let's open my web.config file to make a small change.
![config file]()
We have added an <authentication> tag within the <system.web> section. And the authentication mode is “Windows”.
So now the application will check whether or not the user has credentials in the server computer. If the user has credentials in the server then he/she is an authenticated user, otherwise not.
In the index.aspx page we would like to print the username in the page_load event.
- protected void Page_Load(object sender, EventArgs e)
- {
- Response.Write("Username := " + HttpContext.Current.User.Identity.Name);
- }
For Windows Authentication the HttpContext will carry a username and other credentials of the user.
Fine, we have done all the settings in the application level. Now we need to make some changes in IIS Manager to enable Windows Authentication at the IIS level.
So, before going to the IIS configuration, just publish the application in IIS.
Now select your application and click on the Authentication tab as in the following screen.
![authentication tab]()
After clicking on the authentication tab, it will open the following screen.
![windows authentication enable]()
Here we are seeing that the Windows Authentication is enabled and all others are disabled. We have now configured Windows Authentication at the IIS level.
If we browse the application then it will ask for a username and password as in the following screen.
![username and password]()
I need to provide my system name (or machine name) and my password and I have provided it.
![machine name]()
If the credentials match then it will show the username, that is nothing but my PC name.
Conclusion
In this article we have implemented Windows Authentication, please keep in mind that Windows Authentication is best when your audience is within the same network.