Help With Security Please

kirby.matt_at_gmail.com
Date: 11/27/05

    Date: 27 Nov 2005 08:39:12 -0800
    
    

    Hello, I am in the design stages of an ASP.NET application for my
    company, and I am wondering how I should handle security. Even though
    this application is going to be internal and only 2-3 users, who will
    rarely change, they still insist on making it a web application. My
    first inclination is to use the Web.config and use Authorization to
    authorize the 3 users and deny everyone else. A couple of other apps
    here connect to Active Directory and authenticate the users that way,
    but I feel like that would be overkill and one more connection to
    maintain. There is also the possibility of having a SQL table. There
    will be no login page, so any kind of authentication will be based on
    the user's Windows user id. Any thoughts? Thanks.
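
Added example, not part of the original post: a Web.config sketch of the approach the poster describes (Windows authentication with no login page, three named accounts allowed, everyone else denied). The domain `CORP`, the three account names and the group name are placeholders chosen for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- The identity comes from IIS Integrated Windows authentication, so
         there is no login page. Anonymous access must be disabled for the
         site in IIS, otherwise requests arrive without a Windows user. -->
    <authentication mode="Windows" />

    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins,
           so the allow entry has to come before the catch-all deny. -->
      <allow users="CORP\alice, CORP\bob, CORP\carol" />

      <!-- Alternative to naming accounts (placeholder group name):
           <allow roles="CORP\InternalAppUsers" />
           With Windows authentication, roles are the caller's Windows
           groups, so membership is managed in the directory and the
           application needs no directory connection of its own. -->

      <!-- "*" means every user. A bare <deny users="?" /> would be too
           weak here: "?" only matches anonymous requests, so any
           authenticated domain account would still get in. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

A denied caller receives HTTP 401; the `users` list is matched against the full `DOMAIN\account` name.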

