This topic is locked

AD Secured + Anonymous in same app: possible?

9/13/2017 2:30:51 PM
ASPRunner.NET General questions
Pete K author

This is a very common design pattern in our shop: a public-facing data form, along with staff-only admin functions for editing, reporting, etc.
For those who have used AD with ASPRunner.NET, is it possible to mix anonymous access with AD-secured content in the same webapp? So far I haven't figured out a way, and I'm thinking it's not possible since AD won't work with anonymous access set in IIS. So far my solution has been to build a public facing app and a separate admin app, both pointed at the same database. It works, but I'm just wondering if there is a better / more streamlined way. With classic ASP and ASP.net web forms, we could turn on anonymous access on a per-page basis, but that doesn't seem to be the case with MVC. (At least with my very limited understanding of MVC.)
I know we can allow guest logins in ASPR, but that seems a bit cumbersome for the end user, particularly when they are asked repeatedly to sign in.
Any ideas?

jadachDevClub member 9/13/2017

If the application allows AD users to login, then I assume they are logged into your network where the application is running. How then can an anonymous access point exist? When you say anonymous user, do you mean that literally (any random person from the public) or is it anyone logged into the network? If it is the latter, then your open forms can be allowed using default role access. Then when authorized users actually login, they have more role access. We have done that a lot where I work.

Pete K author 9/14/2017



If the application allows AD users to login, then I assume they are logged into your network where the application is running. How then can an anonymous access point exist? When you say anonymous user, do you mean that literally (any random person from the public) or is it anyone logged into the network? If it is the latter, then your open forms can be allowed using default role access. Then when authorized users actually login, they have more role access. We have done that a lot where I work.


Yes, I understand about role-based security but in this case I do mean truly anonymous. Only staff and students have accounts, so parents and other community members needing to complete online forms, etc. need to be able to have access without the need for an AD login. I really didn't think it was possible.

jadachDevClub member 9/14/2017

In that case I would definitely build a separate public facing application writing to the same database.

Pete K author 9/14/2017



In that case I would definitely build a separate public facing application writing to the same database.


Thanks for confirming my intuition. Sometimes it's just helpful to throw something out there and see if you have been overlooking anything.