IIS Server Security - AUTHORIZATION with WINDOWS AUTHENTICATION -- HELP!!

phreeskier@gmail.com

2005-06-21, 5:52 pm

i want to implement authorization with windows authentication and don't
have the slightest clue of how to do this implementation. the basic
windows authentication for this .NET application is already setup. my
problem lies within my inability to manipulate the username captured in
the authentication process and my knowledge of how IIS is involved.

specifically, i have the following questions:
1) what object(s) can be used so that the user's username can be
manipulated for the authorization process?
2) in order to apply roles, do the users need to be placed in groups in
IIS? if so, how does this work?
3) is all the code that the application uses for roles in web.config?
or does global.asax play a role in this matter?
4) does the web.config file know to communicate with IIS because the
authorization type is set to windows?
5) once authorization is in place, can a section of an .aspx file be
visible to a group or can only entire files be secured for a group?

as you can see, i'm trying to figure out the relationship between
authorization and windows authentication so any help would be
appreciated.

thanks,
john
e: phreeskier@gmail.com

Bob Barrows [MVP]

2005-06-21, 5:52 pm

phreeskier@gmail.com wrote:
> i want to implement authorization with windows authentication and
> don't have the slightest clue of how to do this implementation. the
> basic windows authentication for this .NET application


There was no way for you to know it, but this* is a classic asp newsgroup.
While you may be lucky enough to find a dotnet-savvy person here who can
answer your question, you can eliminate the luck factor by posting your
question to a newsgroup where the dotnet-savvy people hang out. I suggest
microsoft.public.dotnet.framework.aspnet.

Nevertheless ... I'll give it a try. Read on.

> is already
> setup. my problem lies within my inability to manipulate the
> username captured in the authentication process and my knowledge of
> how IIS is involved.
>
> specifically, i have the following questions:
> 1) what object(s) can be used so that the user's username can be
> manipulated for the authorization process?


That would be User.Identity.Name

> 2) in order to apply roles, do the users need to be placed in groups
> in IIS? if so, how does this work?


No such thing as IIS groups. You can either create groups in a database
(which can be as simple as a table containing a username column and a
groupname column), or create groups in your Active Directory, meaning that
you will need to learn how to query the AD, which is no trivial task.


> 3) is all the code that the application uses for roles in web.config?


There is no code in web.config

> or does global.asax play a role in this matter?


A Session_onstart sub in global.asax could come into play if you choose to
take that route, but usually, the answer is: Neither.

> 4) does the web.config file know to communicate with IIS because the
> authorization type is set to windows?


Huh? You need to go back and read the book. web.config does not
"communicate" with anything. It is simply a configuration file containing
settings that your application's dll uses when it loads.

Also, the "authentication" type is set in web.config. Authorization is up to
you to implement.

> 5) once authorization is in place, can a section of an .aspx file be
> visible to a group or can only entire files be secured for a group?
>


Yes to both, but there's nothing automatic about it. You have to write the
code to make it happen.

> as you can see, i'm trying to figure out the relationship between
> authorization and windows authentication so any help would be
> appreciated.
>


Please follow up in the aspnet newsgroup.

Bob Barrows
*I read this message and replied to it in the .inetserver.asp newsgroup. In
the future, please pick a single group to post your message to. Usually,
somebody will be polite enough to point you in the proper direction if
you've chosen the wrong newsgroup.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


Bob Barrows [MVP]

2005-06-21, 5:52 pm

Bob Barrows [MVP] wrote:

> Also, the "authentication" type is set in web.config. Authorization
> is up to you to implement.
>

oops, a little bit of misinformation here: You CAN use authorization based
on AD groups. Here is a link with more information:
http://msdn.microsoft.com/library/e...tyAtRunTime.asp

There is a section about authorization about halfway down, including links
to other relevant documents.
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

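Added example, not code from the thread or from any poster: a C# helper that combines the two approaches in the replies above, a role check on the authenticated principal (Windows/AD groups under Windows authentication) with a fallback to an application table of username and groupname pairs. The names `SectionAuthorization`, `IsAuthorized` and `GroupTable` are hypothetical, and the `CONTOSO` accounts and groups are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class SectionAuthorization
{
    // Constructed stand-in for the username/groupname table suggested in the
    // first reply; a real application would query its database instead.
    static readonly Dictionary<string, HashSet<string>> GroupTable =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CONTOSO\jsmith",
              new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Managers" } }
        };

    // True only when the caller is authenticated and belongs to the group,
    // either through the principal's own roles or through the table.
    public static bool IsAuthorized(IPrincipal user, string group)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;                    // deny by default
        if (user.IsInRole(group))            // AD group when user is a WindowsPrincipal
            return true;
        HashSet<string> groups;
        return GroupTable.TryGetValue(user.Identity.Name, out groups)
            && groups.Contains(group);
    }

    static void Main()
    {
        // Constructed principals standing in for the page's User property.
        IPrincipal adMember = new GenericPrincipal(
            new GenericIdentity(@"CONTOSO\alee", "Negotiate"),
            new[] { @"CONTOSO\Managers" });
        IPrincipal tableMember = new GenericPrincipal(
            new GenericIdentity(@"CONTOSO\jsmith", "Negotiate"), new string[0]);
        IPrincipal anonymous = new GenericPrincipal(
            new GenericIdentity(""), new string[0]);

        Console.WriteLine(IsAuthorized(adMember, @"CONTOSO\Managers"));
        Console.WriteLine(IsAuthorized(tableMember, "Managers"));
        Console.WriteLine(IsAuthorized(tableMember, "Admins"));
        Console.WriteLine(IsAuthorized(anonymous, "Managers"));
    }
}
```

In a page's code-behind, the same call can drive a section's visibility on the server, for example by assigning the result of `IsAuthorized(User, ...)` to a Panel control's `Visible` property, so the restricted markup is never rendered for other users.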

Copyright 2003 - 2008 webservertalk.com