Re: Implementing Security - Advice Please

From: John Saunders (john.saunders_at_surfcontrol.com)
Date: 08/27/03

Next message: frank: "Re: Implementing Security - Advice Please"
Previous message: Kenneth: "Protecting your ASP.NET code with Salamander"
In reply to: frank: "Re: Implementing Security - Advice Please"
Next in thread: frank: "Re: Implementing Security - Advice Please"
Reply: frank: "Re: Implementing Security - Advice Please"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 27 Aug 2003 10:24:04 -0400

"frank" <frank@frank.com> wrote in message
news:%23OerBGKbDHA.1748@TK2MSFTNGP12.phx.gbl...
> "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> news:eXc716JbDHA.2372@TK2MSFTNGP10.phx.gbl...
> > "frank" <frank@frank.com> wrote in message
> > news:elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl...
> > > I am in the process of writing a fairly large ASP.NET web application
> and
> > I
> > > am about to implement log-ons, permissions etc. I have never used any
> > > security with ASP.NET before; only classic ASP.
> > >
> > > I would like to base my user's logon information and permissions on
> their
> > > domain account. What is the best way to do this? Can web-based forms
> > > communicate with the domain users accounts? What about storing session
> > > information - how do we do this? Is there any recommended techniques
for
> > > implementing this sort of security? Can anyone point me to any
articles
> > > relating to this subject?
> >
> > You don't say whether or not this is an Intranet application. If it is,
> then
> > you can use Windows Authentication.
>
> It's primarily an Intranet application, although it may be available in
the
> future on the Internet.

Ok, keep in mind that Windows Authentication can work over the Internet.
"Windows Authentication" really means "IIS Authentication", and IIS does
support Basic Authentication which requests a username/password. Do this
over SSL and you should be ok.

-- 
John Saunders
Internet Engineer
john.saunders@surfcontrol.com

Next message: frank: "Re: Implementing Security - Advice Please"
Previous message: Kenneth: "Protecting your ASP.NET code with Salamander"
In reply to: frank: "Re: Implementing Security - Advice Please"
Next in thread: frank: "Re: Implementing Security - Advice Please"
Reply: frank: "Re: Implementing Security - Advice Please"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Implementing Security - Advice Please
... >> You don't say whether or not this is an Intranet application. ... keep in mind that Windows Authentication can work over the Internet. ... "Windows Authentication" really means "IIS Authentication", ...
(microsoft.public.dotnet.security)
"Predicting" authorization?
... >to re-architect our company's intranet in .NET. ... >authentication and authorization scheme is really ... >Windows authentication. ... >the intranet has the necessary functionality they need. ...
(microsoft.public.dotnet.framework.aspnet.security)
Windows Authentication Question for ASP
... If I set up Windows Authentication for an Intranet ... based on their current network connection? ... In other words, if I log into my LAN with DANNYL, ...
(microsoft.public.dotnet.framework.aspnet.security)
"Predicting" authorization?
... authentication and authorization scheme is really ... Windows authentication. ... the intranet has the necessary functionality they need. ...
(microsoft.public.dotnet.framework.aspnet.security)
MAC - NTLM AUthentication
... I am working on the Intranet website & i need to authenticate the Users ... using Windows Authentication. ... Windows OS machine, but the MAC OS Users are not able to log on the Intranet ...
(microsoft.public.dotnet.security)