Re: Silly question

From: Matjaz Ladava (matjaz_at__nospam_ladava.com)
Date: 06/19/03


Date: Thu, 19 Jun 2003 10:53:00 +0200


Ok, so we can use the following,

You can use Windows Authentication to authenticate users. When a user is
authenticated, his username is part of User.Identity.Name. You can have these
usernames stored in your SQL database in a users table and work from that
point.
You have the option to use impersonation, which means that your aspnet
application is running in the context of the currently logged on user. Use
Windows Authentication on your SQL server and control the access through SQL
server. This way a user authenticated to your web site will use his
credentials to go to SQL server.
Another approach would be to use Role Based Security (IsInRole command) or
PrincipalPermission, which enables you to programmatically control and check
to which group the user belongs and act accordingly.
To encrypt data in your database or in the program, see the
System.Security.Cryptography class, which implements well known cryptographic
methods (MD5, SHA1, RSA, DES, ...)

-- 
Regards
Matjaz Ladava, MCSE (NT4 & 2000)
matjaz@ladava.com
http://ladava.com
"vincent" <kcchow@csis.hku.hk> wrote in message
news:088701c3363d$1ed33910$a401280a@phx.gbl...
> Thank you for your help
> Maybe I clarify my situation
> My boss assumes that all user are connected in lan
> (since there are other security measures on top)
> Then, I only have to care if the lan user (user ID in
> window) is authorized to my application
> So I use window auth to check the user identity inside my
> auth list or not.
>
> However, my application in fact can be seen as an
> intermediate server, I have to store other confidential
> info. which are stored in SQL table. Those data are needed
> to be encrypted
> So, I have to use window auth encryption
>
>
> >-----Original Message-----
> >You can't get a windows password that the user types. You can only get User
> >identity through User.Identity.Name
> >
> >To have a custom authentication I would strongly suggest you to use Forms
> >Authentication.
> >
> >-- 
> >Regards
> >
> >Matjaz Ladava, MCSE (NT4 & 2000)
> >matjaz@ladava.com
> >http://ladava.com
> >
> >"Vincent" <kcchow@csis.hku.hk> wrote in message
> >news:075301c33638$28d98b80$a501280a@phx.gbl...
> >> Thx
> >> However, since I have to get the login ID for window, I am
> >> using window authentication
> >> Any other method ?
> >>
> >>
> >>
> >> >-----Original Message-----
> >> >If you are using FormsAuthentication, then you can use method
> >> >FormsAuthentication.HashPasswordForStoringInConfigFile
> >> >
> >> >See
> >> >http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT03.asp?frame=true
> >> >for sample.
> >> >
> >> >-- 
> >> >Regards
> >> >
> >> >Matjaz Ladava, MCSE (NT4 & 2000)
> >> >matjaz@ladava.com
> >> >http://ladava.com
> >> >
> >> >"Vincent" <kcchow@csis.hku.hk> wrote in message
> >> >news:080801c33636$0fe62220$a401280a@phx.gbl...
> >> >> I am new to Asp.Net and new to web application
> >> >> The situation is like this
> >> >> User login and enter his/her information, including
> >> >> his/her password (eg. user ID, password, email.........).
> >> >> I need to save it in the table of SQL Server. How can I
> >> >> encrypt it before sending the information to SQL Server ?
> >> >> ie.others cannot read the password in the table of the SQL
> >> >> Server
> >> >> Thxthx
> >> >>
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >

