Re: Authentication from Active Directory and Database based user d

Hi Nicole,

I guess I'm asking for a simple example you could point to or give here.

I'll start looking into this today, but I'm not too clear on where I'll go
with this (I'm not too clear on the permissions to see a page or actual
components on a page, depending on oyur level of acces).

Many thanks for your help, I'll start by looking at Forms authentication
again.

Jono

"Nicole Calinoiu" wrote:

What sort of details do you need?


"Jono Jones" <jonojones78@xxxxxxxxxxxxxxxxx> wrote in message
news:5748E48E-8B57-4945-8D44-3E4F9EB0E25B@xxxxxxxxxxxxxxxx
Hi there,

Thanks for your reply. Could you fill in some more details about your
proposed solution?

Any answers are very much appreciated,

Cheers,

Jono

"Nicole Calinoiu" wrote:

Have you considered using forms authentication in your application
coupled
with Windows integrated authentication at the IIS level? Rather than
having
a login page that prompts users for their credentials, you could then
simply
read their AD account name from the LOGON_USER server variable. The role
set would be populated from the db as in any typical forms authentication
scenario.

For setting up page-specific authorization, you don't need separate
web.config files. Instead, you can use the system.web\location element
to
set up different access rules for any pages or sub-directories that
required
separate configuration.



"Jono Jones" <jonojones78@xxxxxxxxxxxxxxxxx> wrote in message
news:BB405DC9-D403-44B0-A322-89415077BFF6@xxxxxxxxxxxxxxxx
Hi there,

We have 500 users on our network. I'm writing a web system (asp.net)
where
you can create a user and give them access to various sections of the
site.

To create a user you select and existing Active Directory user and just
attach their permissions (to see different web pages/options on web
pages)
then save it to a database.

The purpose is to have the system hanging off the intranet and it will
seamlessly let registered users use the system without logging one
(i.e.
the
fact they they are logged into windows is enough).

In the default page I can pick up up the user logged into the machine
and
test against my DB like so:

If
temp.isUserRegistered(HttpContext.Current.User.Identity.Name().Split("\",
2)(1)) Then

FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name().Split("\",
2)(1), False)
Response.Redirect("menu.aspx")
end if

What do I need to have set in iis and web.config to prevent users from
just
typing in the url for the menu to get into the system. I've had this
working
before with forms but not sure with this check with AD users.

Further to this, how would I prevent certain content on a page being
displayed to a user that doesn't have access to see that particularlink
for
example (and example might be a button to take you to the admin
section, I
don't want the button to be visible a normal user and I don't want a
normal
user to able to just browse to the admin.aspx page).

One stipulation is that I can't have a seperate fodler for each type of
access and thus have separate web.config files.

Just to make it clear, the permissions are set in my web system and
stored
on my DB. I'm only using AD to check that the user currently logged in
to
windows is a user within this system (i.e. their username has been
stored
in
DB with some permissions).

Many thanks for any help on this one.

Jono






.

Quantcast