Re: Securing a .NET webapp with ActiveDir and SQL-server?
- From: "bradbury9" <ray.bradbury9@xxxxxxxxx>
- Date: 17 Jan 2006 06:44:17 -0800
That's what I would do. Hope it helps.
> > - why do you need authorization inside your app? are only specific emps
> > allowed to see specific customers?
>
> Yes.
Use Forms authentication + SSL in the ASP.NET app. User.IsInRole could
help.
> Ok. But should I have my webapp supply the sproc with the name/identity of
> the user as an argument, and have the sproc make an access-check, and create
> a logrecord in my logtable and THEN pass data back to the webapp, or should
> my webapp call a series of sprocs ?
If you impersonate the web app, use integrated security (Windows login)
and grant exec on the sproc to the desired roles, that shouldn't be
necessary. Maybe this is not too clear..
> Can I have sql-server (sproc) encrypt/decrypt the data instead of the webapp
> (.net) ?
The webapp IMHO. I don't remember how the SQL Server - Web App can
be encrypted using SSL, but it is a good thing.
> > switching to 2.0 is recommended.
>
> In general or for this specific purpose ?
Both things. 2.0 security is better than 1.x (1.x is NOT insecure) and
2.0 has great ASP.NET things.
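
Added example, not part of the original post: a T-SQL sketch of the approach discussed above, where the sproc takes the caller's identity from the connection (`SUSER_SNAME()`) instead of an argument, performs the per-customer check, writes the log record, and only then returns data. It assumes the web app impersonates the user and connects with integrated security; every table, procedure and role name is hypothetical.

```sql
-- Hypothetical schema for illustration only.
CREATE TABLE dbo.Customer (
    CustomerId INT PRIMARY KEY,
    Name       NVARCHAR(100) NOT NULL);
CREATE TABLE dbo.EmployeeCustomer (      -- which login may see which customer
    LoginName  SYSNAME NOT NULL,
    CustomerId INT NOT NULL,
    PRIMARY KEY (LoginName, CustomerId));
CREATE TABLE dbo.AccessLog (
    LogId      INT IDENTITY(1,1) PRIMARY KEY,
    LoginName  SYSNAME NOT NULL,
    CustomerId INT NOT NULL,
    Granted    BIT NOT NULL,
    LoggedAt   DATETIME NOT NULL DEFAULT GETDATE());
GO

CREATE PROCEDURE dbo.GetCustomer
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;

    -- Identity is read from the Windows login on the connection,
    -- so the web app cannot pass in somebody else's name.
    DECLARE @login SYSNAME, @granted BIT;
    SET @login = SUSER_SNAME();
    SET @granted = 0;

    IF EXISTS (SELECT 1 FROM dbo.EmployeeCustomer
               WHERE LoginName = @login AND CustomerId = @CustomerId)
        SET @granted = 1;

    -- Log every attempt, allowed or denied, before returning anything.
    INSERT INTO dbo.AccessLog (LoginName, CustomerId, Granted)
    VALUES (@login, @CustomerId, @granted);

    IF @granted = 0
    BEGIN
        RAISERROR('Access denied.', 16, 1);
        RETURN 1;
    END

    SELECT CustomerId, Name FROM dbo.Customer WHERE CustomerId = @CustomerId;
    RETURN 0;
END
GO

-- The role gets EXECUTE on the sproc only, no direct table permissions;
-- ownership chaining (all objects owned by dbo) lets the sproc read the tables.
CREATE ROLE CustomerReaders;
GRANT EXECUTE ON dbo.GetCustomer TO CustomerReaders;
```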