Re: Windows authentication with custom user store
- From: Alexey Smirnov <alexey.smirnov@xxxxxxxxx>
- Date: 23 May 2007 12:30:57 -0700
On May 23, 1:32 pm, Danny Vucinec
<DannyVuci...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I'm building a solution that uses Windows authentication. However, the
Windows users that are allowed to login and use the application are defined
in a custom user store. If a user is successfully authenticated by Windows,
access should be denied to if the user isn't in the custom user store.
Using roles to authorize the users would be a good solution, but the fact
is, that the web application uses both asp.net and classical asp. What other
options could be used? I'm thinking of a custom SessionStateUtility that only
issues a new session after the authenticated user is located in the user
store.
I think that's pretty easy
in ASP read the Request.ServerVariables("LOGON_USER") to determine
user ID and execute a request against the store
in ASP.NET either Request.ServerVariables("LOGON_USER"), or
HttpContext.Current.User.Identity.Name (the authentication mode in the
Web.config <authentication mode="Windows" />) and execute a request
against the store.
When user ID is not found make a redirect to 401.asp (or 401.aspx)
<% Response.Status = "401 Unauthorized" %>
.
- Prev by Date: Re: X.509 Certificate based authentication
- Next by Date: configuring sqldatasource to use a stored procedure from the aspnetdb
- Previous by thread: RE: Windows authentication with custom user store
- Next by thread: configuring sqldatasource to use a stored procedure from the aspnetdb
- Index(es):
Relevant Pages
|
|
