Click here to Skip to main content
15,664,823 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:

We have an 'Intranet Site' and it's being used by 200 employees inside the organization.

.Net framework version is v4.0.
Identity is 'ApplicationPoolIdentity'.
Intranet-Site Authentication - 'Anonymous Authentication' is enabled.
- 'ASP.NET Impersonation and, Forms Authentication is disabled.

I have 2 confusions.

1. (Website Folders are Visible from the Network locations)
Intranet Application folder has been shared with 'All domain users'. - So, this folder is visible to all users. If i remove the share from 'Everyone', then the login page is not displayed.

The Website folders should not be visible to the users (via Network Locations), How to solve this.?

2. (user authentication)
The Login page will get the UserId and password, this credentials will be verified with the 'Active Directory' using LDAP authentication.
The code follows.
public bool IsAuthenticated(string username, string pwd)
            DirectoryEntry entry = new DirectoryEntry(_path, username, EncryptDecrypt.Decrypt(pwd));
                using (HostingEnvironment.Impersonate())
                    //object obj = entry.NativeObject;
                    DirectorySearcher search = new DirectorySearcher(entry);
                    search.ReferralChasing = ReferralChasingOption.None;
                    search.Filter = "(sAMAccountName=" + username + ")";
                    SearchResult result = search.FindOne();

                    if (result != null)
                        //Update the new path to the user in the directory.
                        _path = result.Path;
                        _filterAttribute = (string)result.Properties["Name"][0];
                        Session["LoggedInUser"] = _filterAttribute;
                        Session.Timeout = 30;
                        return true;
                    return false;
            catch (Exception ex)
                throw new Exception("Error authenticating user. " + ex.Message);

This will validate the user, and the home page will be displayed.
Is this enough or any other ways should be used?


What I have tried:

I removes the folder sharing from 'everyone'- INTRANET is not accessible.
If, the INTRANET FOLDER is shared with every users in the domain. - INTRANET is accessible
Updated 6-May-16 5:40am
Richard Deeming 6-May-16 8:40am    
If you're authenticating against AD, why are you not using Windows authentication?
F-ES Sitecore 6-May-16 9:36am    
If it is an intranet then you're supposed to disable anon access and enable Windows Authentication and that's it, you don't need to write any code at all, your users are automatically authenticated.

1 solution

Enable Windows Authentication and disable Anonymous thats it.
enabling Impersonation depends on Permission of File Access and others (explained in the below link).
use the below code to get the Ntid of the logged user.
string userid = HttpContext.Current.User.Identity.Name; // it will be in DomainName/UserName format .. take care of it. 

refer these articles

ScottGu's Blog - Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application[^]
How to Create an Intranet Site Using ASP.NET MVC[^]
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900