Re: Best way to implement security scenario
From: Ken Schaefer (kenREMOVE_at_THISadopenstatic.com)
Date: 11/23/04
- Next message: Ken Schaefer: "Re: Delegation/Basic Authentication - using browsers other than IE"
- Previous message: Grant: "Re: Domain could not be contacted problem"
- In reply to: Alex Ayzin: "Re: Best way to implement security scenario"
Date: Tue, 23 Nov 2004 22:09:54 +1100
Hi,
Sorry to take so long to get back to you.
1. No coding required (well, you need to update web.config)
2. NTFS permissions determine which user accounts can view what pages. Give
whatever users/groups are allowed to view the page NTFS Read permissions, and
don't give permissions to other users/groups.
Cheers
Ken
"Alex Ayzin" <vzeehhr9@verizon.net> wrote in message
news:OH%23weCEzEHA.1860@TK2MSFTNGP15.phx.gbl...
> Thank you for replying, Ken.
>
> 1. So, if I understand you correctly, no coding is needed at all,
> right?
>
> 2. How is the .aspx page tied to the security settings of that
> subfolder (the one with all of the security settings for the custom group)?
>
> Thanks a lot in advance,
> ---Alex
>
>
> "Ken Schaefer" <kenREMOVE@THISadopenstatic.com> wrote in message
> news:OXaoFp9yEHA.824@TK2MSFTNGP11.phx.gbl...
>> The easiest way to do this would be to:
>> a) change the NTFS permissions on the file - remove Everyone, and add the
>> group you want
>> b) set windows authentication, and identity impersonate=true in
>> web.config
>> c) remove Anonymous Access in IIS Manager, and enable either Basic or IWA
>> authentication
>>
>> Then ASP.NET will require the user authenticate using a Windows account,
>> and will use that account when accessing the file. If the user's supplied
>> credentials do not have NTFS permissions to the file, they'll get an
>> error (Access Denied). If they do have access, then the page will run.
>>
>> Obviously, this isn't the most elegant way of doing it, but if it's just
>> a single page, and you need to get this working in a hurry, that's one
>> possible method.
>>
>> Cheers
>> Ken
>>
>> "Alex Ayzin" <vzeehhr9@verizon.net> wrote in message
>> news:ujbXil3yEHA.3376@TK2MSFTNGP12.phx.gbl...
>>> Hi,
>>>
>>> I'm pretty new to security issues and understand that my question is
>>> pretty basic. But here we go:
>>>
>>> I have a simple webform app. In the application root
>>> (Inetpub\wwwroot\appname) I have a folder that contains a single text
>>> file. Only those who have access (read-only) to that folder (or the text
>>> file within the folder) are able to view the content of the displayed
>>> page. I want to create a group of users with the access (there are only
>>> about 10 people or so). Based on that, user will/or will be able to view
>>> the page. Architect wants me to use Windows security and does not want me
>>> to use web.config file (allow/deny).
>>>
>>> So, I need to create a WindowsIdentity object, then using it a
>>> WindowsPrincipal object. Using IsInRole("CustomGroup") will give me a
>>> boolean determining if the user belongs to a group with an access. I see
>>> the picture, but a little unclear on how to proceed further. Are my
>>> initial steps in the right direction and what are my next steps? Please
>>> advise. Any code samples are welcome.
>>>
>>> Thank you,
>>> --Alex
>>>
>>
>>
>
>
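The setup discussed in this thread (Windows authentication, impersonation, and an NTFS ACL on the protected file), shown as an added example that is not code from any of the posters. The handler name and the file path are hypothetical; the handler checks that impersonation is really in effect before relying on NTFS to make the access decision.

```csharp
// Added example, not from the thread. Assumes web.config has
//   <authentication mode="Windows" /> and <identity impersonate="true" />
// inside <system.web>, and Anonymous Access is disabled in IIS (steps b and c).
using System;
using System.IO;
using System.Security.Principal;
using System.Web;

public class ProtectedFileHandler : IHttpHandler   // hypothetical handler name
{
    // Hypothetical path: the folder whose NTFS ACL grants Read to the group only.
    private const string DataFile = "~/Protected/data.txt";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "text/plain";

        // Account IIS authenticated for this request.
        string caller = context.User.Identity.Name;
        // Account the thread is actually running as. With impersonation on,
        // this is the caller; with it off, it is the worker process account.
        string threadAccount = WindowsIdentity.GetCurrent().Name;

        if (!context.User.Identity.IsAuthenticated ||
            !string.Equals(caller, threadAccount, StringComparison.OrdinalIgnoreCase))
        {
            // Fail closed: NTFS would be checked against the wrong account.
            context.Response.StatusCode = 500;
            context.Response.Write("Impersonation is not active for this request.");
            return;
        }

        try
        {
            // Windows evaluates the file's NTFS ACL against the caller here.
            string text = File.ReadAllText(context.Server.MapPath(DataFile));
            context.Response.Write(text);
        }
        catch (UnauthorizedAccessException)
        {
            // Caller authenticated but has no NTFS Read permission on the file.
            context.Response.StatusCode = 403;
            context.Response.Write("Access denied for " + caller);
        }
    }
}
```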