Re: Intranet and Integrated Windows Authentication

From: Andrew (AndrewR2k1_at_hotmail.com)
Date: 06/24/04 

Date: Wed, 23 Jun 2004 15:47:43 -0700

Joe,

I have gotten a little further on this project....but ran into a problem.
If you could check out my most recent post in this newsgroup titled "Problem
querying LDAP and/or Active Directory" I sure would be grateful. You seem
to have a good grip on this subject, and your input may go a long way.

-- Andrew

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:u0cDCHUWEHA.2816@TK2MSFTNGP11.phx.gbl...
> I like this idea.
>
> Another thing you could do if you absolutely need authenticated and
> anonymous parts of the site AND want to use WIA is put the authenticated
> parts of the site in a different vroot with anonymous access turned off.
>
> If you absolutely must mix and match anonymous and authenticated, then you
> might be able to do something like have two different copies of the site,
> one if a vroot that allows anonymous and one in a vroot that requires
> authentication. In your application, you use use the Context.User
property
> to determine whether the current user is authenticated or not and whether
> they are in certain Windows groups and control the rendering of your pages
> accordingly. It is very likely you could make both versions of the
> application be identical which would make deployment much easier. The app
> would simply decide what stuff to render dynamically at runtime.
>
> Still, it seems like it would be much easier to simply make the whole site
> be authenticated.
>
> Joe K.
>
> "Joe H" <jharri@hotmail.com> wrote in message
> news:em5trvTWEHA.2844@TK2MSFTNGP11.phx.gbl...
> > how about turning on Integrated Windows Authentication. and then
maintain
> a
> > user-list to the resources in the site that you require special access
to?
> > this can be done on a page basis, or a function basis, or a "role"
basis,
> > etc...
> >
> > since this is an "intranet" the word "public" does not have the same
> > meaning, right? in other words, everybody on your network accessing
your
> > intranet should be in active directory. and should therefore be
accounted
> > for when they access ANY part of your intranet site.
> >
> >
> > "Andrew" <AndrewR2k1@hotmail.com> wrote in message
> > news:uEPoX6HWEHA.3024@TK2MSFTNGP09.phx.gbl...
> > > Hey all,
> > >
> > >
> > >
> > > I would like to preface my question by stating I am still learning
> ASP.net
> > > and while I am confident in the basics and foundation, the more
advanced
> > > stuff is still a challenge. Ok. :)
> > >
> > >
> > >
> > > We are looking at redoing our entire Intranet, starting over from
> scratch,
> > > as a .Net website. Our current site has two separate sides, a public
> side
> > > for all viewers, and a secure side for those granted permission can
> access
> > > apps to update web info, databases, etc. In moving to .Net we would
> like
> > to
> > > use Integrated Windows Authentication with our pages. We will be
> putting
> > > the Intranet server under a Domain Controller where the users and user
> > info
> > > will be pulled from.
> > >
> > >
> > >
> > > We would like to have the pages similar to what you would see on eBay,
> or
> > > Amazon, or any number of Blog sites. That is, you can surf and view
and
> > > bounce around all the pages, but unless you log in you cannot view
your
> > > personal information. However, if you do log in, the public pages
take
> on
> > > new buttons or links because those pages know who you are. In
essence,
> > the
> > > public side and secure side merge into one, and page items turn on or
> off
> > > depending on your logged in status.
> > >
> > >
> > >
> > > I have Google'd on "integrated windows authentication" and, of course,
> > have
> > > found numerous websites. It is almost overwhelming. I found a few
good
> > > articles here:
> > >
> > >
> > >
> > > Active Directory Authentication from ASP .NET
> > >
> > >
> >
>
http://msdn.microsoft.com/library/en-us/sds/sds/active_directory_authentication_from_asp__net.asp
> > >
> > >
> > >
> > > Securing an ASP.Net application...
> > >
> > > http://www.dotnetjohn.com/articles.aspx?articleid=19
> > >
> > >
> > >
> > > HOW TO: Authenticate against the Active Directory by Using Forms
> > > Authentication and Visual Basic .NET
> > >
> > > http://support.microsoft.com/default.aspx?scid=kb;en-us;326340
> > >
> > >
> > >
> > > Developing Secure Web Sites with ASP.NET and IIS
> > >
> > > http://www.c-sharpcorner.com/Code/2003/March/SecureSiteWithASPNET.asp
> > >
> > >
> > >
> > > Windows Authentication in ASP.NET
> > >
> > > http://www.dotnetbips.com/displayarticle.aspx?id=10
> > >
> > >
> > >
> > > (Joe Kaplan (MVP - ADSI), if you read this, I also saw your postings
> > > recently on somewhat this subject in this newsgroup.)
> > >
> > >
> > >
> > > I am still having trouble interpreting and understanding all this
> > > information and now look to some of you to help possible translate it
> into
> > > English. The last URL above provided an example that shows how to use
> > > System.Security.Principal to determine the user name and authenticated
> > > status (which I have tested successfully). But this just pulls from
the
> > > system when the user logged in after turning on the PC. The other
URL's
> > > state that in an Intranet environment, IAW is the thing to use - which
> is
> > > where this is going. But I need to offer the ability for a user to
log
> in
> > > and log out, and when not logged in they are set as "anonymous" - not
> just
> > > automatically pull system info. So this seems I need to use Forms
> > > Authentication? Looking at examples of Forms Authentication, at my
> level
> > of
> > > experience, are quite long, involved, and a bit over my head in their
> > > explanations. Do I use one over the other? Both together? Help?
> > >
> > >
> > >
> > > So, I am asking for some help here in understanding the .Net
techniques
> to
> > > develop a website that uses Integrated Windows Authentication (using
> > Active
> > > Directory from a Domain Controller) to authenticate users, but
requires
> > > users to log in, and allows them to log out. I can control the visual
> > > changes on the page(s), I just need help on the log-in/log-out,
> security,
> > > authentication part of it.
> > >
> > >
> > >
> > > Your comments, suggestions, tips, and other input are gladly accepted
> and
> > > appreciated. Oh, and in VB.net if possible please, though I turn away
> > > nothing. :)
> > >
> > >
> > >
> > > -- Andrew
> > >
> > >
> >
> >
>
>

Quantcast