Re: .Net Application and Security

From: Duane Arnold (Notme_at_Notme.com)
Date: 10/29/04


Date: Fri, 29 Oct 2004 21:58:25 GMT

Leythos wrote:

> In article <Xns9590F23256CA7notmenotmecom@204.127.204.17>,
> notme@notme.com says...
>> Although I'll be using Basic Authentication for this .Net solution that
>> will be accessing the WEB server over the Internet through a VPN
>> connection, would it be necessary to further protect the domain user-id
>> and password by using SSL? I kind of heard that I could use HTTPS to
>> protect the user-id and password and then switch over to HTTP once
>> authentication has taken place.
>
> DON'T USE A DOMAIN ACCOUNT - there is little or no reason for using a
> Domain User account to have users LOG INTO a WEB app. Create a database
> table with User/Password and let them log into that.

ACK

>>
>> The E-Commerce Web server does have SSL, but the applications will not
>> reside on that server and SSL does cost to put on a second server. I am
>> thinking VPN and SSL is overkill for the user-id and password. The
>> company does have Security people of course and they will dictate what is
>> implemented. I need to come up with solutions that are Internet and
>> Intranet solutions bypassing the Citrix Terminal Server Farm, because it
>> takes too long for a user to get authenticated on a dial-up connection as
>> opposed to coming direct over the Internet.
>>
>> I am also kind of curious as to how this would play on a Web Server Farm.
>
> Doing AD/NT authentication of the users is the wrong way to go - you
> need to have a table with their website user/password and authenticate
> them against that. You don't really need to use SSL for the login since
> you already said they are doing a VPN first - VPN will encrypt the data
> before they even access the web server.
>

ACK

Duane :)


