Re: .Net Application and Security

From: Duane Arnold (Notme_at_Notme.com)
Date: 10/31/04 

Date: Sun, 31 Oct 2004 04:44:04 GMT

Leythos wrote:

> In article <42zgd.330482$MQ5.257741@attbi_s52>, Notme@Notme.com says...
>> Leythos wrote:
> [snip]
>> >> I am also kind of curious as to how this would play on a Web Server
>> >> Farm.
>> >
>> > Doing AD/NT authentication of the users is the wrong way to go - you
>> > need to have a table with their website user/password and authenticate
>> > them against that. You don't really need to use SSL for the login since
>> > you already said they are doing a VPN first - VPN will encrypt the data
>> > before they even access the web server.
>> >
>>
>> ACK
>
> Duane, our teams were pushing out .Net applications (ASP/VB) to state
> agencies while it was still in Beta. I can assure you that you don't
> want to use domain accounts for your application, unless it is using
> network resources that are based on the user level permissions on the
> network. If you need role based user security you need to develop a
> schema that permits this - we did for several state agencies and they
> now use it for all apps.
>
>

Yes, I have to do my homework. I am finished with the 4 weeks of .NET
training the company has provided. I am looking into using .Net Remoting to
send Unanchored Business Objects (byVal) not (byRef) to the workstation and
let the client application work with the Business Object and then send it
back. I don't know if I am going to use .Net Web Services SOAP over HTTP or
if I am going to move away for the Web Server and use Binary over TCP. I
got a lot of off hour work at home like reading more books and doing some
examples to get upto speed ASAP and then do some proto-typing.

I am leaning towards Binary over TCP but that means opening port(s) on the
FW for .NET Remote DCOM over the Internet. But it's a VPN connection so
Security shouldn't be going off the deep-end about it.

Duane :)