Re: Silly question

From: Matjaz Ladava (matjaz_at__nospam_ladava.com)
Date: 06/19/03


Date: Thu, 19 Jun 2003 10:53:00 +0200


Ok, so we can use the following,

You can use Windows Authentication to authenticate users. When user is
authenticated, his username is part of User.Identity.Name. You can have this
usernames stored in your SQL database in a users Table and work from that
point.
You have the option to use impersonation, which means, that your aspnet
application is running in the context of currently logged on user. Use
Windows Authentication on your SQL server and control the access trough SQL
server. This way authenticated user to your web site will use its
credentials to go to SQL server.
Other approach would be to use Role Based Security (IsInRole command) or
PrincipalPremission, which enables you to programmatically control and check
to which group user belongs and act accordingly.
To encrypt data in your database or in the program See
System.Security.Cryptography class, which implements well known cryptograph
methods (MD5, SHA1, RSA, DES, ....)

-- 
Regards
Matjaz Ladava, MCSE (NT4 & 2000)
matjaz@ladava.com
http://ladava.com
"vincent" <kcchow@csis.hku.hk> wrote in message
news:088701c3363d$1ed33910$a401280a@phx.gbl...
> Thank you for your help
> Maybe I clarify my situation
> My boss assumes that all user are connected in lan
> (since there are other security measures on top)
> Then, I only have to care if the lan user (user ID in
> window) is authorized to my application
> So I use window auth to check the user identity inside my
> auth list or not.
>
> However, my application in fact can be seen as a
> intermediate server, I have to store other confidential
> info. which are stored in SQL table. Those data are needed
> to be encrypted
> So,I  have to use window auth encryption
>
>
>
>
>
>
>
> >-----Original Message-----
> >You can't get a windows password that the user types. You
> can only get User
> >identity trough User.Identity.Name
> >
> >To have a custom authentication I would strongly suguest
> you to use Forms
> >Authentication.
> >
> >-- 
> >Regards
> >
> >Matjaz Ladava, MCSE (NT4 & 2000)
> >matjaz@ladava.com
> >http://ladava.com
> >
> >"Vincent" <kcchow@csis.hku.hk> wrote in message
> >news:075301c33638$28d98b80$a501280a@phx.gbl...
> >> Thx
> >> However, since I have to get the login ID for window, I
> am
> >> using window authentication
> >> Any other method ?
> >>
> >>
> >>
> >> >-----Original Message-----
> >> >If you are using FormsAuthentication, then you can use
> >> method
> >> >FormsAuthentication.HashPasswordForStoringInConfigFile
> >> >
> >> >Se
> >> >http://msdn.microsoft.com/library/en-
> >> us/dnnetsec/html/SecNetHT03.asp?frame=true
> >> >for sample.
> >> >
> >> >-- 
> >> >Regards
> >> >
> >> >Matjaz Ladava, MCSE (NT4 & 2000)
> >> >matjaz@ladava.com
> >> >http://ladava.com
> >> >
> >> >"Vincent" <kcchow@csis.hku.hk> wrote in message
> >> >news:080801c33636$0fe62220$a401280a@phx.gbl...
> >> >> I am new to Asp.Net and new to web application
> >> >> The situation is like this
> >> >> User login and enter his/her information, including
> >> >> his/her password (eg. user ID, password,
> >> email.........).
> >> >> I need to save it in the table of SQL Server. How
> can I
> >> >> encrypt it before sending the information to SQL
> >> Server ?
> >> >> ie.others cannot read the password in the table of
> the
> >> SQL
> >> >> Server
> >> >> Thxthx
> >> >>
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >