Hi,
We have an 'Intranet Site' and it's being used by 200 employees inside the organization.
Its .NET Framework version is v4.0.
Identity is 'ApplicationPoolIdentity'.
Intranet-Site Authentication - 'Anonymous Authentication' is enabled.
- 'ASP.NET Impersonation' and 'Forms Authentication' are disabled.
I have 2 confusions.
1. (Website Folders are Visible from the Network locations)
Intranet Application folder has been shared with 'All domain users'. - So, this folder is visible to all users. If I remove the share from 'Everyone', then the login page is not displayed.
The website folders should not be visible to the users (via Network Locations). How to solve this?
2. (user authentication)
The Login page will get the UserId and password; these credentials will be verified with the 'Active Directory' using LDAP authentication.
The code follows.
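    // Namespaces this method relies on:
    // using System.DirectoryServices;   (DirectoryEntry, DirectorySearcher)
    // using System.Web.Hosting;         (HostingEnvironment)

    public bool IsAuthenticated(string username, string pwd)
    {
        // Bind to the directory with the credentials typed on the login page.
        DirectoryEntry entry = new DirectoryEntry(_path, username, EncryptDecrypt.Decrypt(pwd));
        try
        {
            // Run the search under the application pool identity.
            using (HostingEnvironment.Impersonate())
            {
                DirectorySearcher search = new DirectorySearcher(entry);
                search.ReferralChasing = ReferralChasingOption.None;
                // The filter is built by concatenating the user-supplied username as-is.
                search.Filter = "(sAMAccountName=" + username + ")";
                search.PropertiesToLoad.Add("Name");
                SearchResult result = search.FindOne();
                if (result != null)
                {
                    _path = result.Path;
                    _filterAttribute = (string)result.Properties["Name"][0];
                    Session["LoggedInUser"] = _filterAttribute;
                    Session.Timeout = 30;
                    return true;
                }
                return false;
            }
        }
        catch (Exception ex)
        {
            // Keep the original exception as the inner exception so the stack trace is not lost.
            throw new Exception("Error authenticating user. " + ex.Message, ex);
        }
    }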
This will validate the user, and the home page will be displayed.
Is this enough, or should any other ways be used?
Thanks.
What I have tried:
I removed the folder sharing from 'Everyone' - INTRANET is not accessible.
If the INTRANET FOLDER is shared with all users in the domain, INTRANET is accessible.