Re: Authentication from Active Directory and Database based user d

What sort of details do you need?


"Jono Jones" <jonojones78@xxxxxxxxxxxxxxxxx> wrote in message news:5748E48E-8B57-4945-8D44-3E4F9EB0E25B@xxxxxxxxxxxxxxxx
Hi there,

Thanks for your reply. Could you fill in some more details about your
proposed solution?

Any answers are very much appreciated,

Cheers,

Jono

"Nicole Calinoiu" wrote:

Have you considered using forms authentication in your application coupled
with Windows integrated authentication at the IIS level? Rather than having
a login page that prompts users for their credentials, you could then simply
read their AD account name from the LOGON_USER server variable. The role
set would be populated from the db as in any typical forms authentication
scenario.

For setting up page-specific authorization, you don't need separate
web.config files. Instead, you can use the system.web\location element to
set up different access rules for any pages or sub-directories that required
separate configuration.



"Jono Jones" <jonojones78@xxxxxxxxxxxxxxxxx> wrote in message
news:BB405DC9-D403-44B0-A322-89415077BFF6@xxxxxxxxxxxxxxxx
> Hi there,
>
> We have 500 users on our network. I'm writing a web system (asp.net) > where
> you can create a user and give them access to various sections of the
> site.
>
> To create a user you select and existing Active Directory user and just
> attach their permissions (to see different web pages/options on web > pages)
> then save it to a database.
>
> The purpose is to have the system hanging off the intranet and it will
> seamlessly let registered users use the system without logging one > (i.e.
> the
> fact they they are logged into windows is enough).
>
> In the default page I can pick up up the user logged into the machine > and
> test against my DB like so:
>
> If
> temp.isUserRegistered(HttpContext.Current.User.Identity.Name().Split("\",
> 2)(1)) Then
>
> FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name().Split("\",
> 2)(1), False)
> Response.Redirect("menu.aspx")
> end if
>
> What do I need to have set in iis and web.config to prevent users from
> just
> typing in the url for the menu to get into the system. I've had this
> working
> before with forms but not sure with this check with AD users.
>
> Further to this, how would I prevent certain content on a page being
> displayed to a user that doesn't have access to see that particularlink
> for
> example (and example might be a button to take you to the admin > section, I
> don't want the button to be visible a normal user and I don't want a
> normal
> user to able to just browse to the admin.aspx page).
>
> One stipulation is that I can't have a seperate fodler for each type of
> access and thus have separate web.config files.
>
> Just to make it clear, the permissions are set in my web system and > stored
> on my DB. I'm only using AD to check that the user currently logged in > to
> windows is a user within this system (i.e. their username has been > stored
> in
> DB with some permissions).
>
> Many thanks for any help on this one.
>
> Jono
>
>



.