Re: Windows Authentification against a list of users

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/26/03


Date: Wed, 25 Jun 2003 17:35:35 -0500


This might be a better question posed to the aspnet security newsgroup as
there are probably people who have dealt with this scenario directly before.
I'm kind of surprised that AuthenticateRequest gets called if the user
doesn't authenticate, but maybe I misunderstand something.

However, have you considered just returning a 401 "Not Authorized" error if
the user isn't authenticated properly? If it is an authorization thing you
are trying to do (the user isn't in the correct role to use the
application), then you should be able to use the UrlAuthorizationModule to
kick them out of the application. You just need to make sure the new
principal you create replaces the value in context.User and make sure in
your web.config that the authorization section is set up to allow your role
and deny *. Then the UrlAuthorizationModule will kick the user out of the
application for you and you don't have to do anything in your code to
accomplish this. If you want a friendlier page, then you may need to come
up with a custom error redirect page for the 401 result that the module will
produce.

Hope that helps.

Joe K.

"Tom Johnson" <tom@usa.net> wrote in message
news:OF9kslzODHA.1364@TK2MSFTNGP10.phx.gbl...
> Hello Joe
>
> An internal regulation requires me to implement NT security, so I need to use
> Windows authentication. But a personal idea is to save roles and groups in
> the db instead of calling IT swat ;) to manage NT groups for users, so I
> think it's better to store that info in the db.
>
> I'm building my custom GenericPrincipal in
> WindowsAuthentication_OnAuthenticate or in
> Application_AuthenticateRequest so I can retrieve user info in the db, but
> the only thing that I don't know is how to manage my invalid users. I need
> to inform them that they are not allowed in my apps, so I need to redirect
> them to an invalid access page, but I fall into a loop if I redirect them.
> So I transfer them, but I don't want to test against the db on every
> request, and I think that I have no way to know if it's the first time
> that I test it, because the session state is not loaded at this moment.
>
> an idea?
>
> thanks
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:OhIGlZgODHA.2312@TK2MSFTNGP12.phx.gbl...
> > One thing you might do would be to validate against a group in the domain
> > you are authenticating against. Then, you could use the group name under
> > the allow tag with the Roles attribute. You would be using the AD or
> > domain as your list of allowed users instead of your database though.
> >
> > If you absolutely need to validate against a database, you might consider
> > using Forms authentication instead of Windows authentication and creating
> > custom roles from your database. Another thing you might do would be to
> > build a new GenericPrincipal object in the AuthenticateRequest event that
> > contains role information from your database and then validate against
> > those roles in the web.config. That would allow you to combine Windows
> > authentication with a custom database-based authorization scheme.
> >
> > There are lots of options. I hope this gives you some ideas.
> >
> > Joe K.
> >
> > "tom johnson" <tom@usa.net> wrote in message
> > news:eHlXojeODHA.2228@tk2msftngp13.phx.gbl...
> > > Hello all,
> > >
> > > I'm sure I'm not the only one that wants to do that.
> > > I want to use Windows authentication to validate the
> > > user password but I want to check if the user is a valid
> > > user in my database.
> > >
> > > so i have this piece of code in my web.config
> > > <authentication mode="Windows" />
> > > <authorization>
> > > <deny users="?" />
> > > <allow users="*" />
> > > </authorization>
> > >
> > > but for the validation against the db... i just don't know.
> > >
> > > can somebody give me a hint for the validation in db.
> > > Just the where and how.... (for validation.. not for
> > > access to db)
> > >
> > > I know that the list of users can be stored in web.config
> > > but I need a dynamic list of users so I store it in the db
> > >
> > > thanks... and have a nice day
> > >
> > >
> >
> >
>
>
>
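
The approach from Joe's reply (keep Windows authentication, replace context.User with a GenericPrincipal built from database roles, let UrlAuthorizationModule reject everyone else), written out as an added example that is not part of the original thread. The role name AppUser, the UserRoles table, the AppDb connection string name and the five-minute cache lifetime are assumptions; the application cache is used because session state is not yet loaded in AuthenticateRequest.

```csharp
// Global.asax.cs: added example, not code from the thread. Assumed web.config
// (the role name "AppUser" is hypothetical):
//   <authentication mode="Windows" />
//   <authorization><allow roles="AppUser" /><deny users="*" /></authorization>
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.Caching;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Windows authentication has already checked the password by now.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return; // anonymous request: the deny rule produces the 401
        IIdentity identity = Context.User.Identity;
        string key = "roles:" + identity.Name.ToLowerInvariant();
        // Session state is not loaded here, but the application cache is, so
        // the database is queried once per user per five minutes.
        string[] roles = (string[])Context.Cache[key];
        if (roles == null)
        {
            roles = LoadRolesFromDatabase(identity.Name);
            Context.Cache.Insert(key, roles, null,
                DateTime.UtcNow.AddMinutes(5), Cache.NoSlidingExpiration);
        }
        // Keep the Windows identity, replace the roles. A user unknown to the
        // database gets no roles and is rejected by UrlAuthorizationModule.
        Context.User = new GenericPrincipal(identity, roles);
    }

    // Hypothetical schema UserRoles(Account, RoleName); "AppDb" is an assumed name.
    private static string[] LoadRolesFromDatabase(string account)
    {
        var roles = new List<string>();
        using (var cn = new SqlConnection(
            ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString))
        using (var cmd = new SqlCommand(
            "SELECT RoleName FROM UserRoles WHERE Account = @account", cn))
        {
            cmd.Parameters.Add("@account", SqlDbType.NVarChar, 256).Value = account;
            cn.Open();
            using (var rd = cmd.ExecuteReader())
                while (rd.Read()) roles.Add(rd.GetString(0));
        }
        return roles.ToArray();
    }
}
```

The cache lifetime is also the revocation delay: a user removed from the database keeps access until the cached entry expires.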


