Re: Design for ASP.Net w/ ComponentServices
From: Cenon Del Rosario (cenonmin@ihug.com.au)
Date: 11/29/02
- Next message: Jimmy Tharpe: "Re: URGENT: Why does the SessionID changes in every request?"
- Previous message: Danny Shisler: "Thankyou - Re: Permissions needed for a Windows Forms Control to call a WebService"
- In reply to: nu-k-ar: "Re: Design for ASP.Net w/ ComponentServices"
- Next in thread: nu-k-ar: "Re: Design for ASP.Net w/ ComponentServices"
- Reply: nu-k-ar: "Re: Design for ASP.Net w/ ComponentServices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Cenon Del Rosario" <cenonmin@ihug.com.au> Date: Sat, 30 Nov 2002 07:03:35 +1100
With regards to (2):
This could be what we need ! Is the scenario for this like the following:
1) A user is authenticated by some means we have written.
2) Whenever our ASP.Net code needs to access a secure (ie. Checks for roles)
ServicedComponent, the ASP.Net worker process will cloak itself to look like
the web user and thus access the components under the web user's id.
If this is the case, then this is exatly what we need. Have you got some
sample code that shows how to do this and what configuration is required.
With regards to (3):
What I meant was that we would pass the ASP.Net User object (or something)
down to the ServicedComponents whenever some role checking was required and
we would then use our custom code to validate the user's access rights
against a ServicedComponent.
I guess the main reason for all of this is that we want to centralize the
security check in the ServicedComponents tier because we want to use them
with other application outside ASP.Net and don't want to have to administer
two of them. Also, not all our web clients use IE on windows which rules out
kerberos...
Hope you can help...
"nu-k-ar" <nospam@plz.com> wrote in message
news:eyPHhNrlCHA.1464@tkmsftngp07...
> 1) Does this imply that the user accessing the ASP.Net system has to be
> > using IE and Windows (We are looking for a way to do this regardless of
> the
> > browser) ?
>
> yes , cause kerberos only works inside the domain or trusted domain
> this should change in .net server
> http://www.secadministrator.com/Articles/Index.cfm?ArticleID=26450¨
>
> this is due the KDC ( kerebros Distribution center is tied into the
AD -port
> 88)
> if u want to get a ticket outside the domain u have to proxy theTGT Ticket
> Granting Server to the Net , and Kerberize u're apps
>
> which u should do with web-services and ws-security/SAML
> there's a nice paper of that on
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/h
> tml/securitywhitepaper.asp
>
>
> 2) If this is the case, does it mean that we will have to impersonate the
> > user on the ASP side when accessing the ServicedComponents ?
>
> depends on your scenario
> u can cloak the user, which means that the serviced components runs under
> his own identity (server) and uses this Identity too accses the Resources
> i use it this way a lot.
> if u're happy with that, it's ok
>
> in fact if u using a mandat based sql-server in which the data is
displayed
> in context of your role/Identity u'll have to use impersonation/delegation
> to the remote server ( 3-tier )
>
>
> 3.)
> never done ...
>
>
> "Cenon Del Rosario" <cenonmin@ihug.com.au> wrote in message
> news:en4gnAllCHA.1464@tkmsftngp07...
> > Some questions:
> > 1) Does this imply that the user accessing the ASP.Net system has to be
> > using IE and Windows (We are looking for a way to do this regardless of
> the
> > browser) ?
> > 2) If this is the case, does it mean that we will have to impersonate
the
> > user on the ASP side when accessing the ServicedComponents ?
> > 3) If this is still the case, is it then easier to design and use our
own
> > security system when doing checks at the ServicedComponent level ?
> >
> > Thanks.
> >
> > "nu-k-ar" <nospam@plz.com> wrote in message
> > news:uewiX$flCHA.1216@tkmsftngp02...
> > > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q325894
> > >
> > > By default, Microsoft Windows 2000 uses the Kerberos
> > > protocol for authentication. The Kerberos protocol supports delegation
> and
> > > resolves an NTLM authentication limitation from Microsoft Windows NT
> 4.0.
> > > This article explains how to use delegation in Windows 2000 with COM+.
> > >
> > > http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q283201
> > >
> > >
> > >
> > > "Cenon Del Rosario" <cenonmin@ihug.com.au> wrote in message
> > > news:ubsytrflCHA.1588@tkmsftngp02...
> > > > I was wondering if anyone can suggest a design for using ASP.Net
> > together
> > > > with ServicedComponents particularly in the area of security between
> the
> > > > two.
> > > >
> > > > Thank you.
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Jimmy Tharpe: "Re: URGENT: Why does the SessionID changes in every request?"
- Previous message: Danny Shisler: "Thankyou - Re: Permissions needed for a Windows Forms Control to call a WebService"
- In reply to: nu-k-ar: "Re: Design for ASP.Net w/ ComponentServices"
- Next in thread: nu-k-ar: "Re: Design for ASP.Net w/ ComponentServices"
- Reply: nu-k-ar: "Re: Design for ASP.Net w/ ComponentServices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
