I am not trained in any of this security admin stuff. I am truly a rookie. I am willing to do lots of study and reading to get up to speed.
Before I launch into this, I would like to know if this is possible (please forgive this rookie terminology):
1. I have an ASP.NET 1.1 web app running on a Win 2003 Server PC. It's by itself in a workgroup I think and not really part of a domain per se but for discussion let's call it by the machine name, MYWEBPC.
2. The web app currently uses forms authentication but has the ability with some minor tweaks to use Integrated Windows Auth.
3. I have a group of users who log on locally to their network, which has very rigorous password rules. Let's call their domain TOUGHNET.
4. Currently, users logged on TOUGHNET browse to a URL on MYWEBPC where they are prompted for username/pswd. The web app does not enforce rigorous password policies so I am contemplating a change as follows.
5. Establish a "one-way" trust between these domains. I would like to do some admin things to MYWEBPC such that this web app running there can trust any authenticated user coming in from TOUGHNET.
a. Other than us knowing the usernames of a few people on TOUGHNET, can this admin work be done on MYWEBPC without the cooperation of network security folks at TOUGHNET? If they have to do stuff, this idea might fall apart because they are very, very fussy.
b. I've been told this can be done and that I have to add a local group on MYWEBPC and then add a user for each user from TOUGHNET that I want to support. While I know the username will have to match, what does one put in for the password?
In summary, given the above scenario, this rookie wants to know if this is feasible and can it be administered without depending on any work from the trusted domain (i.e. TOUGHNET in this example).
Thanks very much for your advice in advance.