RE: Using AD to grant page and directory access
- From: jc <jobs@xxxxxxxxxx>
- Date: Sat, 1 Mar 2008 05:30:18 -0800 (PST)
For intranet development, is there anything terribly wrong with
authenticating users/pages against AD groups to determine what pages,
menus, and features they should be allowed to see and use?

Why the practice of using cookies and session data when testing pages?
And what role does a directory web.config play in AD-authenticated
intranet sites?

Would there be any valid reason for asking users to re-enter their AD
user and PW for every intranet application to confirm they are in the
AD, rather than just testing the security of the Windows user and AD
role with the code below or in each directory's web.config? Any benefit
to carrying around a cookie or Session with something that is then used
to confirm they were authenticated at some point in the session? What's
the value of this beyond allowing one user to authenticate in an
intranet site while Windows is authenticated as another user? And is
there no risk to a session or cookie that could be easily read and
replicated to fool the site?

What's the best and/or most common practice for intranet website
security?

code:

    If (Page.User.IsInRole("XXXADMIN")) Then

web.config (not working for AD or windows security):

    <system.web>
      <authentication mode="Windows"/>
      <authorization>
        <allow roles="XXXADMIN" />
      </authorization>
    </system.web>

For web.config, apparently, roles only apply to membership (aspnetdb)
security and not AD security. Is there any way to set directory
security in the web.config to check AD groups? Understanding this will
only be for intranet applications where users are expected to be
Windows AD authenticated.

Thanks.
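
Added example, not part of the original post: a web.config in which ASP.NET URL authorization restricts one directory to a Windows (AD) group. The domain name EXAMPLEDOM and the directory name Admin are placeholders, and the sketch assumes IIS has anonymous access disabled and Integrated Windows Authentication enabled for the site.

```xml
<configuration>
  <system.web>
    <!-- The request identity is the caller's Windows account, so role
         checks are evaluated against that account's Windows/AD groups. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- Site-wide: reject anonymous requests ("?" = unauthenticated). -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules for one directory (placeholder path "Admin"). -->
  <location path="Admin">
    <system.web>
      <authorization>
        <!-- Rules are read top-down and the first match wins. The group
             is written in domain-qualified form (placeholder domain). -->
        <allow roles="EXAMPLEDOM\XXXADMIN" />
        <!-- Without this explicit deny, evaluation falls through to the
             inherited default rule that allows all users, so an allow
             element on its own restricts nothing. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The same allow/deny pair can instead be placed in a web.config inside the directory itself, without the location wrapper.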