Ask a Question related to ASP.NET Security, Design and Development.
-
Ed Hastings via .NET 247 #1
Similar issue with .NET Security
Hello; having similar ASP.NET security issues.
Upgrading a number of ASP classic apps to .NET and haveeverything done but cant figure out how to get the security towork correctly.
Under the ASP Classic implementations security was NT Groupsbased. Various Groups were created for different access rights,and the apps just checked the logged in user against ADSI todetermine if they were in the correct group(s) for whateveraccess.
This was accomplished quite easily by dim-ing out an object forthe Domain and flipping thru the Groups to find the one ofinterests and then checking to see if the user logged on to theapp was in that group, and setting a session variable to thateffect.
This had many advantages, including the fact that Networksadministered the user accounts, adding & removing people fromgroups, and so on without Development needing to get involved.It was also easy, and allowed users to log into the system fromany machine they happened to be at as themselves.
Under ASP.NET however, Windows authentication picks up the personlogged in on the computer itself defeating part of the desiredfunctionality.
So I tried Forms based authentication and though various bookslist ADSI as being a valid source of comparison for loginverification I cant find one line of code on how to do that; allthe examples use a custom independently managed Database, XMLfiles, or hardcoding the user info directly in the web config(!), the last to of which strike me as generally bad ideas. Idont have any problem doing the Database option if necessary,but as all of the user security is already set up and better yetadministered by Networks I would much rather find a way to usethe existing infrastructure to manage this.
Any ideas how to force .NET to accept a forms basedauthentication and then verify it against ADSI?
Thanx!
--------------------------------
From: Ed Hastings
-----------------------
Posted by a user from .NET 247 ([url]http://www.dotnet247.com/[/url])
<Id>NU9di4RXnUy12Bd0qmE80w==</Id>
Ed Hastings via .NET 247 Guest
-
Odd security issue
We have set-up our HR dept. with Contribute to manage their Intranet content. In doing so, I created a security group on the server and applied it... -
Is this a security issue
While trying to signon at a website, I got the following PHP code back. I suppose that their apache was mistakenly returning php text instead of... -
Security issue with DirectoryServices
In an attempt to programmatically create a website using Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create", "IIsWebServer", intSiteID),... -
ASPState Bug/Security issue
I've been trying to figure out how to properly install and configure ASPState (fwk 1.1,non-persistent, sql based state) in a way that a. works... -
New security issue
New security update will not download on my Computer (HP....Windows XP). Message states that I need to see if Cryptographic is in my computer.... -
Avnrao #2 RE: Similar issue with .NET Security
check if this link helps you.
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;326340&Product=aspnet[/url]
Avnrao Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
