Similar issue with .NET Security

From: Ed Hastings via .NET 247 (anonymous_at_dotnet247.com)
Date: 04/28/04


Date: Tue, 27 Apr 2004 17:42:50 -0700

Hello; having similar ASP.NET security issues.

Upgrading a number of ASP classic apps to .NET and have everything done but can't figure out how to get the security to work correctly.

Under the ASP Classic implementations security was NT Groups based. Various Groups were created for different access rights, and the apps just checked the logged in user against ADSI to determine if they were in the correct group(s) for whatever access.

This was accomplished quite easily by dim-ing out an object for the Domain and flipping thru the Groups to find the one of interest and then checking to see if the user logged on to the app was in that group, and setting a session variable to that effect.

This had many advantages, including the fact that Networks administered the user accounts, adding & removing people from groups, and so on without Development needing to get involved. It was also easy, and allowed users to log into the system from any machine they happened to be at as themselves.

Under ASP.NET, however, Windows authentication picks up the person logged in on the computer itself, defeating part of the desired functionality.

So I tried Forms based authentication and though various books list ADSI as being a valid source of comparison for login verification I can't find one line of code on how to do that; all the examples use a custom independently managed Database, XML files, or hardcoding the user info directly in the web config (!), the last two of which strike me as generally bad ideas. I don't have any problem doing the Database option if necessary, but as all of the user security is already set up and better yet administered by Networks I would much rather find a way to use the existing infrastructure to manage this.

Any ideas how to force .NET to accept a forms based authentication and then verify it against ADSI?

Thanx!

--------------------------------
From: Ed Hastings

-----------------------
Posted by a user from .NET 247 (http://www.dotnet247.com/)
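
One way to do what the post asks, as an added example that is not part of the original post: a forms login page hands the typed credentials to a helper that binds to Active Directory with them and then checks the account's group membership. The class name `AdLogin`, the LDAP path and the domain name are assumed placeholders.

```csharp
using System;
using System.DirectoryServices;          // add a reference to System.DirectoryServices.dll
using System.Runtime.InteropServices;
using System.Text;

public static class AdLogin
{
    // Assumed placeholders, not from the post: substitute your own domain values.
    const string LdapPath = "LDAP://DC=example,DC=local";
    const string Domain = "EXAMPLE";

    // Escape LDAP filter metacharacters (RFC 4515) so a typed user name
    // cannot change the meaning of the search filter.
    static string EscapeFilter(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0) sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // True only if the credentials bind to the directory AND the account is a
    // direct member of the group with this distinguished name.
    // memberOf does not list nested groups or the primary group.
    public static bool IsValidGroupMember(string user, string password, string groupDn)
    {
        // Reject empty input before touching the directory.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password)) return false;
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(
                LdapPath, Domain + "\\" + user, password, AuthenticationTypes.Secure))
            using (DirectorySearcher search = new DirectorySearcher(root))
            {
                search.Filter = "(sAMAccountName=" + EscapeFilter(user) + ")";
                search.PropertiesToLoad.Add("memberOf");
                SearchResult hit = search.FindOne();   // bind happens here; bad credentials throw
                if (hit == null) return false;
                foreach (object dn in hit.Properties["memberOf"])
                    if (string.Equals((string)dn, groupDn, StringComparison.OrdinalIgnoreCase))
                        return true;
                return false;
            }
        }
        catch (COMException) { return false; }          // failed bind or unreachable directory
    }
}
```

When the helper returns true, the login page's submit handler can call `FormsAuthentication.RedirectFromLoginPage(user, false)` to issue the forms ticket, with `<authentication mode="Forms">` set in web.config. Group membership stays under the network administrators' control, as in the classic ASP setup the post describes.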
