Re: Newbie Windows Authentication, IIs and Intranet vs Internet users.
From: Tom Kaminski [MVP] ((A_at_T))
Date: 10/06/04
- Next message: Joshua Friedman: "IIS IUSR_localmachinename question"
- Previous message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.10.06"
- In reply to: Gramps: "Newbie Windows Authentication, IIs and Intranet vs Internet users."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Oct 2004 08:29:22 -0400
"Gramps" <simon_hooker@iprimus.com.au> wrote in message
news:uvLSId1qEHA.348@TK2MSFTNGP15.phx.gbl...
> Hi,
>
>
> My requirement is to verify that a Windows logged-on user is permitted to
> access a given intranet application hosted on IIS
>
> I am to write this Web app.
>
> 1) Is there a best practice approach to this?
See these links:
IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control
IIS 6 Documentation
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/gs_authentication.asp
HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;324274
HOW TO: Configure Internet Information Services Web Authentication in
Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;324276
How To Secure an ASP.NET Application by Using Windows Security
http://support.microsoft.com/default.aspx?scid=kb;EN-US;315736
How do I get my visitors' login name / username?
http://www.aspfaq.com/show.asp?id=2046
> 2) Do user accounts get stored in Db of the new web app? If so, how is
> this affected by a user changing their Windows password?
As Ken said, don't do that.
> 3) I've read doco on authentication, anonymous etc and determined that if
> web application is accessed only from the company intranet then Windows
> Authentication seems possible and without storing account info locally to
> new web app.
> - Is this correct?
> - Can the web app be restricted to certain users rather than all valid
> windows accounts?
a) yes.
b) yes.
> 4) How does windows authentication fit with those users at home say, with
> a dial-up internet connection, trying to access the web app?
They would need to manually provide their credentials.
-- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iisfaq.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://www.tryiis.com
- Next message: Joshua Friedman: "IIS IUSR_localmachinename question"
- Previous message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.10.06"
- In reply to: Gramps: "Newbie Windows Authentication, IIs and Intranet vs Internet users."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
