My requirements are:
- To build an ASP.NET MVC web application to use Windows-based authentication, since all the users which will be accessing the application are our internal employees, and they have username and password on our company's Active Directory.
So, as I understand, the Windows authentication inside ASP.NET MVC is valid:
- If an employee accesses the web application inside our company intranet then he will be able to login to the MVC application automatically (without the need to enter a username and password).
- If the user logs in to the application using VPN from outside the company intranet, then he still can access the application automatically without the need to enter username and password.
- But what happens if the user accesses the ASP.NET MVC web application using an operating system other than Windows such as Linux? Will Windows-based authentication work from inside or outside the company intranet?
- What will happen if a user accesses the web application from outside the company network using his personal PC using Windows operating system?
Best Answer
In both parts 3 and 4 of your question, the user will be prompted with a username/password window, into which they would enter their Active Directory credentials.
Internet explorer will only automatically log the user in when the site is in the intranet zone in the security settings (you can manually add sites to this zone if they are not automatically picked up.
If exposing this site externally, it would be wide to only expose the site through https