Ask a Question related to ASP.NET Security, Design and Development.
-
frank #1
Implementing Security - Advice Please
I am in the process of writing a fairly large ASP.NET web application and I
am about to implement log-ons, permissions etc. I have never used any
security with ASP.NET before; only classic ASP.
I would like to base my user's logon information and permissions on their
domain account. What is the best way to do this? Can web-based forms
communicate with the domain users accounts? What about storing session
information - how do we do this? Is there any recommended techniques for
implementing this sort of security? Can anyone point me to any articles
relating to this subject?
Any help will be gratefully appreciated.
frank Guest
-
Need advice on security setup
Hi all experts. I am currently planning a rather large application that will have the following characteristics: 1) Business Services layer... -
ASP/DB Security Model Advice
ENVIRONMENT: Windows 2000 Professional (sp3) Internet Information Server (5.0) Active Server Pages (3.0) VBScript (5.6) Microsoft SQL Server... -
ASP.NET security advice wanted
We have an interesting ASP.NET security design problem. I think that I have worked out a solution, but I want to make sure that I am not off base.... -
Advice on implementing Exception Management Block
Hi There I am busy evaluating using the Exception Management Block in my web app. I have divided my solution into 3 projects. 1) WebApp 2)... -
Security advice ?
Hi I have completed a PHP+ MySQL application that uses and stores sensitive data (uses SSL via https). My query is a little non standard here - ... -
John Saunders #2 Re: Implementing Security - Advice Please
"frank" <frank@frank.com> wrote in message
news:elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl...I> I am in the process of writing a fairly large ASP.NET web application andYou don't say whether or not this is an Intranet application. If it is, then> am about to implement log-ons, permissions etc. I have never used any
> security with ASP.NET before; only classic ASP.
>
> I would like to base my user's logon information and permissions on their
> domain account. What is the best way to do this? Can web-based forms
> communicate with the domain users accounts? What about storing session
> information - how do we do this? Is there any recommended techniques for
> implementing this sort of security? Can anyone point me to any articles
> relating to this subject?
you can use Windows Authentication.
A good starting point is the following article on MSDN: Authentication in
ASP.NET: .NET Security Guidance
([url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html[/url]
/authaspdotnet.asp).
--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]
John Saunders Guest
-
frank #3 Re: Implementing Security - Advice Please
"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:eXc716JbDHA.2372@TK2MSFTNGP10.phx.gbl...and> "frank" <frank@frank.com> wrote in message
> news:elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl...> > I am in the process of writing a fairly large ASP.NET web applicationtheir> I> > am about to implement log-ons, permissions etc. I have never used any
> > security with ASP.NET before; only classic ASP.
> >
> > I would like to base my user's logon information and permissions onthen>> > domain account. What is the best way to do this? Can web-based forms
> > communicate with the domain users accounts? What about storing session
> > information - how do we do this? Is there any recommended techniques for
> > implementing this sort of security? Can anyone point me to any articles
> > relating to this subject?
> You don't say whether or not this is an Intranet application. If it is,It's primarily an Intranet application, although it may be available in the> you can use Windows Authentication.
future on the Internet.
([url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html[/url]> A good starting point is the following article on MSDN: Authentication in
> ASP.NET: .NET Security Guidance
>Thanks.> /authaspdotnet.asp).
frank Guest
-
John Saunders #4 Re: Implementing Security - Advice Please
"frank" <frank@frank.com> wrote in message
news:%23OerBGKbDHA.1748@TK2MSFTNGP12.phx.gbl...for> "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> news:eXc716JbDHA.2372@TK2MSFTNGP10.phx.gbl...> and> > "frank" <frank@frank.com> wrote in message
> > news:elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl...> > > I am in the process of writing a fairly large ASP.NET web application> their> > I> > > am about to implement log-ons, permissions etc. I have never used any
> > > security with ASP.NET before; only classic ASP.
> > >
> > > I would like to base my user's logon information and permissions on> > > domain account. What is the best way to do this? Can web-based forms
> > > communicate with the domain users accounts? What about storing session
> > > information - how do we do this? Is there any recommended techniquesarticles> > > implementing this sort of security? Can anyone point me to anythe> then> >> > > relating to this subject?
> > You don't say whether or not this is an Intranet application. If it is,>> > you can use Windows Authentication.
> It's primarily an Intranet application, although it may be available inOk, keep in mind that Windows Authentication can work over the Internet.> future on the Internet.
"Windows Authentication" really means "IIS Authentication", and IIS does
support Basic Authentication which requests a username/password. Do this
over SSL and you should be ok.
--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]
John Saunders Guest
-
frank #5 Re: Implementing Security - Advice Please
"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:unbjJcKbDHA.2820@tk2msftngp13.phx.gbl...Is Windows Authentication based on the Domain user accounts?>
> Ok, keep in mind that Windows Authentication can work over the Internet.
> "Windows Authentication" really means "IIS Authentication", and IIS does
> support Basic Authentication which requests a username/password. Do this
> over SSL and you should be ok.
frank Guest
-
Luther Miller #6 Re: Implementing Security - Advice Please
I wrote a useful hands-on article about implementing security within
an ASP.NET application for the September/2003 issue of Windows
Developer - "Quick ASP.NET Security". You can download it for free if
you register at the site, and I think you will find it useful. It
builds upon the basics of ASP.NET security; it's not just
regurgitation of the .NET Framework docs:
[url]http://www.windevnet.com/wdn/articles/2003/0309/[/url]
"frank" <frank@frank.com> wrote in message news:<elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl>...> I am in the process of writing a fairly large ASP.NET web application and I
> am about to implement log-ons, permissions etc. I have never used any
> security with ASP.NET before; only classic ASP.
>
> I would like to base my user's logon information and permissions on their
> domain account. What is the best way to do this? Can web-based forms
> communicate with the domain users accounts? What about storing session
> information - how do we do this? Is there any recommended techniques for
> implementing this sort of security? Can anyone point me to any articles
> relating to this subject?
>
> Any help will be gratefully appreciated.Luther Miller Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
