Re: Silly question
From: Vincent (kcchow_at_csis.hku.hk)
Date: 06/19/03
- Previous message: Matjaz Ladava: "Re: SSL Transfer"
- In reply to: Matjaz Ladava: "Re: Silly question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Jun 2003 02:08:23 -0700
Thank you very much
>-----Original Message-----
>Ok, so we can use the following,
>
>You can use Windows Authentication to authenticate users.
When user is
>authenticated, his username is part of
User.Identity.Name. You can have this
>usernames stored in your SQL database in a users Table
and work from that
>point.
>You have the option to use impersonation, which means,
that your aspnet
>application is running in the context of currently logged
on user. Use
>Windows Authentication on your SQL server and control the
access trough SQL
>server. This way authenticated user to your web site will
use its
>credentials to go to SQL server.
>Other approach would be to use Role Based Security
(IsInRole command) or
>PrincipalPremission, which enables you to
programmatically control and check
>to which group user belongs and act accordingly.
>To encrypt data in your database or in the program See
>System.Security.Cryptography class, which implements well
known cryptograph
>methods (MD5, SHA1, RSA, DES, ....)
>
>--
>Regards
>
>Matjaz Ladava, MCSE (NT4 & 2000)
>matjaz@ladava.com
>http://ladava.com
>
>"vincent" <kcchow@csis.hku.hk> wrote in message
>news:088701c3363d$1ed33910$a401280a@phx.gbl...
>> Thank you for your help
>> Maybe I clarify my situation
>> My boss assumes that all user are connected in lan
>> (since there are other security measures on top)
>> Then, I only have to care if the lan user (user ID in
>> window) is authorized to my application
>> So I use window auth to check the user identity inside
my
>> auth list or not.
>>
>> However, my application in fact can be seen as a
>> intermediate server, I have to store other confidential
>> info. which are stored in SQL table. Those data are
needed
>> to be encrypted
>> So,I have to use window auth encryption
>>
>>
>>
>>
>>
>>
>>
>> >-----Original Message-----
>> >You can't get a windows password that the user types.
You
>> can only get User
>> >identity trough User.Identity.Name
>> >
>> >To have a custom authentication I would strongly
suguest
>> you to use Forms
>> >Authentication.
>> >
>> >--
>> >Regards
>> >
>> >Matjaz Ladava, MCSE (NT4 & 2000)
>> >matjaz@ladava.com
>> >http://ladava.com
>> >
>> >"Vincent" <kcchow@csis.hku.hk> wrote in message
>> >news:075301c33638$28d98b80$a501280a@phx.gbl...
>> >> Thx
>> >> However, since I have to get the login ID for
window, I
>> am
>> >> using window authentication
>> >> Any other method ?
>> >>
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >If you are using FormsAuthentication, then you can
use
>> >> method
>> >>
>FormsAuthentication.HashPasswordForStoringInConfigFile
>> >> >
>> >> >Se
>> >> >http://msdn.microsoft.com/library/en-
>> >> us/dnnetsec/html/SecNetHT03.asp?frame=true
>> >> >for sample.
>> >> >
>> >> >--
>> >> >Regards
>> >> >
>> >> >Matjaz Ladava, MCSE (NT4 & 2000)
>> >> >matjaz@ladava.com
>> >> >http://ladava.com
>> >> >
>> >> >"Vincent" <kcchow@csis.hku.hk> wrote in message
>> >> >news:080801c33636$0fe62220$a401280a@phx.gbl...
>> >> >> I am new to Asp.Net and new to web application
>> >> >> The situation is like this
>> >> >> User login and enter his/her information,
including
>> >> >> his/her password (eg. user ID, password,
>> >> email.........).
>> >> >> I need to save it in the table of SQL Server. How
>> can I
>> >> >> encrypt it before sending the information to SQL
>> >> Server ?
>> >> >> ie.others cannot read the password in the table of
>> the
>> >> SQL
>> >> >> Server
>> >> >> Thxthx
>> >> >>
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>
- Previous message: Matjaz Ladava: "Re: SSL Transfer"
- In reply to: Matjaz Ladava: "Re: Silly question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
