I have 2 menus: one is set up for regular users, the other is set up for Admin users. I want to check who is logged in (based on their AD login to their computer) and then display the appropriate menu.
I am working on a website. My main page is plain right now, but I'm trying to get authentication working so that I can open up the site to our internal users and keep the admin portions to just the admins. What I've got so far isn't much. Here's the web.config:
<system.web>
    <authentication mode="Windows" />
    <authorization>
        <deny users="?"/>
    </authorization>
</system.web>
and here's the default.aspx:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Frontier Reports</title>
    <link rel="StyleSheet" href="stylesheet.css" type="text/css">
    <script>
        var resize = setInterval(function () { chng_iframe_height('MainPageFrame', 'header', 'footer') }, 500);
        function chng_iframe_height(ifrid, hid, fid)
        {
            var eheight = window.innerHeight;
            var ifrobj = document.getElementById(ifrid);
            var header = document.getElementById(hid);
            var footer = document.getElementById(fid);
            var header_height = getComputedStyle(header).height;
            var footer_height = getComputedStyle(footer).height;
            var reserved_height = parseInt(header_height) + parseInt(footer_height);
            var reserved_height = reserved_height + 65;
            ifrobj.style.height = eheight - reserved_height + "px";
        }
    </script>
</head>
<body onload="chng_iframe_height('MainPageFrame','header','footer');">
    <!-- #include file="MenuCheck.aspx"-->
    <div id="header">
        <div class="wrap">
            <div class="logo">
                <h1></h1>
            </div>
        </div>
    </div>
    <iframe src="MainPage.aspx" name="MainPage" id="MainPageFrame" FrameBorder=0>
        This will show up if Chrome doesn't understand IFrame.
    </iframe>
    <div id="footer">
        <asp:LoginName ID="LoginName1" FormatString="{0}" runat="server" />
        <div class="wrap">
            <h2></h2>
        </div>
    </div>
</body>
</html>
As you can see I don't have much. I've tried using a script to get the username, it did not work. I've also looked at several other answers trying to find something that will work for me. The biggest problem that I've got is that I don't have access to the server itself. All I have is what I've shown above to get this to work. I'm able to display my username on the screen, but I don't know how to use that in an if else somewhere so that I can change the menu.
I've checked out the following:
How to get Current User who's accessing ASP.net app?
HttpContext.Current.User not populated with Windows Authentication enabled
Using Windows Authentication in ASP.NET
How to check if user is logged in
Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
EDIT
I got this to work:
<% if(1 == 1) {%>
<!-- #include file="AdminMenu.php"-->
<% } else {%>
<!-- #include file="Menu.php"-->
<% } %>
If I try changing it to if(User.Identity.GetUserID() == "CORP\\mmm976") or to if(User.Identity.Name == "CORP\\mmm976") then I get a Server Error.
I added this <%using Microsoft.AspNet.Identity%> to try and get the GetUserID() to work. Still Server Error.
FINAL EDIT
This now works!
I changed the include in the Default.aspx page to pull in another .aspx page. This way I can have just the code for checking the user and showing the correct menu based on the user's login name. Here is the MenuCheck.aspx:
<%@ Page Language="C#" %>
<% if (User.Identity.Name == @"corp\mmm976") {%>
<!-- #include file="AdminMenu.php"-->
<% } else {%>
<!-- #include file="Menu.php"-->
<% } %>
Typically, authentication works out of the box and now you need to learn more about authorization. It's always recommended to use a Role-Based approach because it's more secure and convenient. This means that your admins should belong to a certain admin group which could be used to give them access to the admin area. For a quick and dirty approach you could however think about something like
<% if (User.Identity.Name == "domain\\user") { %>
<!-- #include file="AdminMenu.php"-->
<% } %>
where domain\user (\\ encoded) is your admin id.
Note that all this is required to be coded in aspx (not in html) and it does not require forms authentication (which is different from Windows authentication).
Also, all this could be done in another way, e.g. you can create a dedicated /admin subdirectory that could have restricted access (it also could be configured on the server only, without using asp.net).
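The role-based approach and the restricted /admin subdirectory described in the answer, shown as an added example (it is not code from the question or the answer): a web.config that keeps Windows authentication for the whole site and lets only one AD group into an admin folder. The folder name admin and the group name CORP\ReportAdmins are assumptions standing in for your own values.

```xml
<configuration>
  <!-- Site-wide: Windows authentication, anonymous users ("?") denied.
       This is the question's existing configuration. -->
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- "admin" is a hypothetical subdirectory holding the admin-only pages. -->
  <location path="admin">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom and the first match wins:
             members of the (placeholder) AD group are allowed,
             every other authenticated user is denied. -->
        <allow roles="CORP\ReportAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The menu check can test the same group with User.IsInRole(@"CORP\ReportAdmins") instead of comparing User.Identity.Name to a single account. Hiding the admin menu only changes what is displayed; the authorization rules are what keep non-admins out of the pages ASP.NET serves from that folder.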