Re: Best way to implement security scenario

From: Alex Ayzin (
Date: 11/17/04

Date: Tue, 16 Nov 2004 19:59:05 -0500

Thank you for replying, Ken.

1. So, if I understand you correctly, no coding is needed at all, right?

2. How's .aspx page is tied to security settings of the that
subfolder(the one with all of the security settings for the custom group)?

Thanks a lot in advance,

"Ken Schaefer" <> wrote in message
> The easiest way to do this would be to:
> a) change the NTFS permissions on the file - remove Everyone, and add the
> group you want
> b) set windows authentication, and identity impersonate=true in web.config
> c) remove Anonymous Access in IIS Manager, and enable either Basic or IWA
> authentication
> Then ASP.NET will require the user authenticate using a Windows account,
> and will use that account when accessing the file. If the user's supplied
> credentials do not have NTFS permissions to the file, they'll get an error
> (Access Denied). If they do have access, then the page will run.
> Obviously, this isn't the most elegant way of doing it, but if it's just a
> single page, and you need to get this working in a hurry, that's one
> possible method.
> Cheers
> Ken
> "Alex Ayzin" <> wrote in message
> news:ujbXil3yEHA.3376@TK2MSFTNGP12.phx.gbl...
>> Hi,
>> I'm pretty new to security issues and understand that might question is
>> pretty basic. But here we go:
>> I have a simple webform app; In application root
>> (Intepub\wwwroot\appname) I have a folder that contains a single text
>> file. Only those who has an access(readOnly) to that folder(or text file
>> within the folder) are able to view the content of the displayed page. I
>> want create a group of users with the access(there are only about 10
>> people or so). Based on that, user will/or will be able to view the page.
>> Architect wants me to use Windows security and does not want me to use
>> web.config file(allow/deny).
>> So, I need to create an WindowsIdentity object, then using it
>> WindowsPrincipal object. Using IsInRole("CustomGroup") will give me a
>> boolean determining if the user belongs to a group with an access. I see
>> the picture, but a little unclear on how to proceed further. Are my
>> initial steps in the right direction and what are my next steps? Please
>> advise. Any code samples are welcome.
>> Thank you,
>> --Alex