Iron Speed Designer permits you to combine different authentication methods with different authorization methods.
Authentication |
Authorization |
Microsoft IIS |
Web.config |
Behavior |
Database |
any |
any |
any |
Does not use HttpContext and does not depend on IIS settings. |
Active Directory |
any |
Windows authentication Anonymous disabled |
Windows authentication Impersonate = false |
Single sign in, requires password entry for non-intranet users when opening web site |
Active Directory |
any |
Anonymous enabled |
any |
To allow security to work valid account from Active Directory should be used as anonymous. No single sign in. Does not require password for non-intranet users for non-secured pages, requires password for secured pages. |
Windows |
Database |
Windows authentication |
Windows authentication Impersonate = false |
Single sign in, requires password entry for non-intranet users to see even non-secured pages. No way to sign out because currently logged in user is always used in application as well. Password setting in user table is not used. UserID is needed to access roles. |
Windows |
Database |
Anonymous enabled |
any |
Non-secured pages are available for all users. Does not require signing in for Internet users. When secured page is opened, user is redirected to Sign In page to provide user name and password. Effectively the same behavior as Database Authentication / Database role management |
Windows |
None |
Windows authentication |
Windows authentication Impersonate = false |
Single sign in, requires password entry for non-intranet users to see even non secured pages. |
Windows |
None |
Anonymous enabled |
any |
Non-secured pages are available for all users. Does not require signing in for Internet users. Secured pages are not available: User will be redirected to Sign In page but no user name and password will succeed. |
SharePoint |
SharePoint |
Any |
Any |
SharePoint security does not use HttpContext and does not depend on Microsoft IIS settings. |
Authentication and impersonation are set separately in your application’s Web.config file, e.g.:
< authentication mode="Windows" />
< identity impersonate="true" />
When application is configured to run using .NET Framework 4.5 and later, Iron Speed Designer uses Microsoft IIS Express as development server. To make sure that your application is able to use Windows or Active Directory authentication please see Configuring IIS Express.
Iron Speed Designer-built applications will redirect to the Sign In screen when Windows Authentication / Database Authorization is configured only when there is no HttpContext.Current.User.Identity present. This can occur when your application’s virtual directory in Microsoft IIS is configured to use anonymous authentication.
When you set Microsoft IIS to use Windows Authentication and are redirected to an “HTTP Error 401.2 - Unauthorized Server” error screen, you are not properly logged into the domain. There could be several causes unrelated related to your Microsoft IIS web server configuration. Most likely the Kerberos authentication is failing or you are trying to use NTLM through a proxy server.
Configuring Your System for Application Security
Configuring Microsoft IIS and IIS Express for Application Security
Active Directory Role Management
Configuring Microsoft Active Directory
Microsoft Authorization Manager (AzMan) Role Management
Configuring Microsoft Authorization Manager (AzMan)