Re: Authentication? Forms without Anynymous access
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/17/05
- Previous message: William Stacey [MVP]: "ImportCspBlob ?"
- In reply to: Paul: "Re: Authentication? Forms without Anynymous access"
- Next in thread: Paul: "Re: Authentication? Forms without Anynymous access"
- Reply: Paul: "Re: Authentication? Forms without Anynymous access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 Jun 2005 11:08:32 -0500
If you want to keep using that system and forms auth, then yes.
If you really want to use Windows auth, then you can still do role-based
stuff, but the roles defined for the logged in user will be the user's
domain groups instead.
Joe K.
"Paul" <Paul@discussions.microsoft.com> wrote in message
news:F25D38A5-6795-4245-AFA1-659A0492522A@microsoft.com...
> ok thanks for the response. With my web application I have set up roles
> and a
> page that allows an administrator of the web application to add users and
> set
> these roles, so sounds like I need to have the Authentication method in
> IIS
> (Anonymous access) checked or enabled.
> --
> Paul G
> Software engineer.
>
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> I think you need to have a talk with your admins and help them understand
>> your application better.
>>
>> If anonymous is disabled, that means that users will be authenticated via
>> Windows, generally against a Windows domain, but possible against local
>> machine accounts as well. If your app needs to authenticate users
>> defined
>> in a database, you need to use forms authentication and anonymous must be
>> enabled in IIS for this to work.
>>
>> If the need is for your app to authenticate users in the domain, then you
>> should disable forms auth (switch back to Windows mode in web.config) and
>> authenticate users that way.
>>
>> Joe K.
>>
>> "Paul" <Paul@discussions.microsoft.com> wrote in message
>> news:1BC083A9-9A30-4F93-AE7B-C527FC9BE923@microsoft.com...
>> > Hi I have a .net web application using .net framework 1.1 and am using
>> > forms
>> > authentication (<authentication mode = "Forms">) in web. config file.
>> > So
>> > have a form that inputs user name and password and compares this with a
>> > table
>> > in a dbase. I plan on moving this to a server where they do not allow
>> > Anonymous access, just wondering if the application will still work or
>> > is
>> > Anonymous access just another layer of security?
>> > thanks,
>> > --
>> > Paul G
>> > Software engineer.
>>
>>
>>
- Previous message: William Stacey [MVP]: "ImportCspBlob ?"
- In reply to: Paul: "Re: Authentication? Forms without Anynymous access"
- Next in thread: Paul: "Re: Authentication? Forms without Anynymous access"
- Reply: Paul: "Re: Authentication? Forms without Anynymous access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
