Login Page Security Question...for you .NET pros.......
From: developer1996 (developer1996@operamail.com)
Date: 10/24/02
- Next message: developer1996: "ASP.NET security issue"
- Previous message: pam: "Re: .NET.. is it the IIS server ?"
- Next in thread: Noli San Jose: "Re: Login Page Security Question...for you .NET pros......."
- Reply: Noli San Jose: "Re: Login Page Security Question...for you .NET pros......."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "developer1996" <developer1996@operamail.com> Date: Thu, 24 Oct 2002 07:54:46 -0700
I think I have found a brick wall with .NET. But I may be
wrong. I have a login page and I would like to
authenticate a user against the local users on a stand
along Windows 2000 Server. This is not a domain
controller nor belongs to a domain. I can't use LDAP
because of this. I have anonymous access to this login
page. Is it possible to impersonate a user using the
UserName and Password from the Login page to authenticate
against user accounts on my server?
My solution is to use LogonUser API call. But inorder
to do this the user making the API call must have the "Act
as part of the operating System" priviledge. For security
purposes you better not do that. So what is a guy to
do.....?????????
P.S
I can't use forms authentication because I have 60,000
users as of now and it will increase to 600,000. I would
like to stay away from using a database. I would like to
believe Windows 2000 server can handle 600,000 accounts.
Help!!!!!!!
- Next message: developer1996: "ASP.NET security issue"
- Previous message: pam: "Re: .NET.. is it the IIS server ?"
- Next in thread: Noli San Jose: "Re: Login Page Security Question...for you .NET pros......."
- Reply: Noli San Jose: "Re: Login Page Security Question...for you .NET pros......."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
