Re: Best way to implement security scenario

From: Alex Ayzin (vzeehhr9_at_verizon.net)
Date: 11/17/04


Date: Tue, 16 Nov 2004 19:59:05 -0500

Thank you for replying, Ken.

1. So, if I understand you correctly, no coding is needed at all, right?

2. How's .aspx page is tied to security settings of the that
subfolder(the one with all of the security settings for the custom group)?

Thanks a lot in advance,
---Alex

"Ken Schaefer" <kenREMOVE@THISadopenstatic.com> wrote in message
news:OXaoFp9yEHA.824@TK2MSFTNGP11.phx.gbl...
> The easiest way to do this would be to:
> a) change the NTFS permissions on the file - remove Everyone, and add the
> group you want
> b) set windows authentication, and identity impersonate=true in web.config
> c) remove Anonymous Access in IIS Manager, and enable either Basic or IWA
> authentication
>
> Then ASP.NET will require the user authenticate using a Windows account,
> and will use that account when accessing the file. If the user's supplied
> credentials do not have NTFS permissions to the file, they'll get an error
> (Access Denied). If they do have access, then the page will run.
>
> Obviously, this isn't the most elegant way of doing it, but if it's just a
> single page, and you need to get this working in a hurry, that's one
> possible method.
>
> Cheers
> Ken
>
> "Alex Ayzin" <vzeehhr9@verizon.net> wrote in message
> news:ujbXil3yEHA.3376@TK2MSFTNGP12.phx.gbl...
>> Hi,
>>
>> I'm pretty new to security issues and understand that might question is
>> pretty basic. But here we go:
>>
>> I have a simple webform app; In application root
>> (Intepub\wwwroot\appname) I have a folder that contains a single text
>> file. Only those who has an access(readOnly) to that folder(or text file
>> within the folder) are able to view the content of the displayed page. I
>> want create a group of users with the access(there are only about 10
>> people or so). Based on that, user will/or will be able to view the page.
>> Architect wants me to use Windows security and does not want me to use
>> web.config file(allow/deny).
>>
>> So, I need to create an WindowsIdentity object, then using it
>> WindowsPrincipal object. Using IsInRole("CustomGroup") will give me a
>> boolean determining if the user belongs to a group with an access. I see
>> the picture, but a little unclear on how to proceed further. Are my
>> initial steps in the right direction and what are my next steps? Please
>> advise. Any code samples are welcome.
>>
>> Thank you,
>> --Alex
>>
>
>



Relevant Pages

  • Re: Avoid users to write to hard drive
    ... because then Windows would not work. ... > If your invated users are limited accounts, ... Or you could create a new folder for My Documents folders, ... > security settings in Documents and Settings, ...
    (microsoft.public.security)
  • Re: HELP! Lost all user permissions on WINDOWS folders
    ... How To Reset Security Settings Back to the Defaults: ... Automating security configuration tasks; Windows Server 2003: ... > which remove ALL users from my Windows 2003 server's C:\WINDOWS folder ...
    (microsoft.public.windows.server.general)
  • Re: My Old Disk Structure - Password Protected Files
    ... Yes, you can recover them. ... You just need to reset the security settings on ... How to take ownership of a file or folder in Windows XP ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: IIS6.0 not allowing file creation on Windows Server2003
    ... I have given the ASPNET user full controll over the folder that the folder ... in Windows XP and Windows Server 2000 but when I have the application on a ... Windows 2003 box I have to set IIS to IIS 5 compatibility mode if I want the ... > Check security settings such as file/folder permissions. ...
    (microsoft.public.inetserver.iis)
  • Re: User has to login twice. Why??
    ... I have tried that and the system hangs. ... The only solution I have found is set the authentication ... type in the web.config file to Windows and do away with the login form. ... >> What security settings need to be changed? ...
    (microsoft.public.dotnet.framework.aspnet.security)