Re: Intranet app via remote location (Internet)

How do you want the auth to be done? Your basic options are Windows auth or
Forms auth. Making Windows auth work outside the firewall can be a
challenge as Kerberos requires access to a domain controller and NTLM can be
hard to get working well across firewalls and load balancers (although it
can work). Basic auth actually works fine but requires SSL for security and
won't provide SSO (although maybe you aren't expecting that for the
internet-based users).

All of those options assume the server is domain joined so that it can
authenticate these users.

To use forms auth, you would probably want to use the Active Directory
membership provider. Perhaps since you have custom roles in SQL you would
want to implement a custom SQL-based role provider. You might want to do
that regardless of whether you use Windows auth or Forms auth.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Troy S." <Troy S.@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1304088C-1CA6-407A-A334-1EBC733A0FFE@xxxxxxxxxxxxxxxx
Hello all. I am developing a 2.0 web site whereby the client wants to
give
access to everyone in their company's domain (I assume that means Active
Directory). The site will be accessed from the Internet (outside the
company' intranet). Once logged in, I will grab the authenticated user's
identity and search SQL tables for their app-specific rights. I have
wrestled with the proper settings to enable this functionality but have
yet
to stumble upon the correct solution.

I would think Allow Anonymous Access would be turned off via IIS and
web.config would have something similar to the folllowing in it:

<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow roles="app-specific-role-name" />
<deny users="*" />
</authorization>

I'd greatly appreciate any insight you have or even links to proper
resources. Take care.

Troy


.

Relevant Pages

  • Re: ActiveDirectoryMembershipProvider woes
    ... Basic always challenges for creds (like forms auth) but DOES allow you to specify a default domain which makes it easier usually to deal with username formats. ... "Thomas" wrote in message ... I now remember why I did not use Windows Auth. ... If they had made their find methods in the provider public virtuals instead of private, I'd be able to override them and allow for referrals. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows Authentication to SQL Server?
    ... It would be atypical to use forms auth in the web app and then attempt to do some sort of delegation via Windows auth to SQL. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Connecting to LDAP
    ... And as Dkode also adviced u can easily implement Windows Auth against ... AD.I believe if you would be using basic Auth and integrated Windows ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: LDAP user authentication error with VBScript from ASP
    ... ADSI code has this error. ... Windows authentication instead of forms auth in the first place. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I've been using the below code in my ASP page to authenticate users ...
    (microsoft.public.windows.server.active_directory)
  • Re: nother IPFW question
    ... Otherwise remote sendmails using auth will stall trying ... Alternatively the firewall can ... :Sounds like someone on a remote server connected to some port on your box, ...
    (FreeBSD-Security)