Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows Integrated Authentication 1

Status
Not open for further replies.
barrylowe

barrylowe

Programmer
Nov 6, 2001
188
0
0
GB
I am having a bit of a problem trying to set up Windows Integrated Authentication on my ASP.NET app.

The problem arises because I have publically available pages and administrator pages.

I managed to set up a test project which used windows authentication to allow access to everyone for top-level pages but only allow a particular group to access pages in the Admin sub-folder and everything worked fine.

However when I tried to translate this across to my main project which uses a SQL Server backend I found that it wouldn't work as no-one had a valid login for SQL. Obviously I don't want to give everyone logins to my database but they all need to be able to see the top-level pages and if I make it anonymous access then the restrictions on the admin pages will no longer work.

Any suggestions as to the best way round this problem?
 
Sort by date Sort by votes
You have to grant access to the DB for the ASPNET user account.
 
Upvote 0 Downvote
why not create a seperate site login for admin access? in fact, why not set access levels for all your users.

 
Upvote 0 Downvote
MDTekUser,

But isn't it the case that the machine would try to log into the SQL database with the users windows login and not the ASPNET account?

dvannoy,

I was trying to avoid creating my own login page pages as it seemed to make more sense to use windows logins. I don't really want to have to set access levels for all users as we have 4000+ employees.
 
Upvote 0 Downvote
if you have public pages and admin pages and wish to use windows auth, then you must set some type of levels. your trying to combine to different access levels into one.

also, look into auth to active directory.

 
Upvote 0 Downvote
In SQL , grant group rights, add DOMAIN\Domain Users as a SQL user, then grant rights to the tables you want them to access. You can grant SQL rights to DOMAIN\Accounting Dept to only the Accounting tables, i.e.

use code to check the user is in a domain, and if not, kick em back to another page...

Dim user As WindowsIdentity = WindowsIdentity.GetCurrent
Dim wp As New WindowsPrincipal(WindowsIdentity.GetCurrent())
If wp.IsInRole("Domain Admins") Then...Else
response.redirect("getout.aspx")

just some thoughts, sorry to be vague with code samples.

Code: 
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings file="pops.config">
  </appSettings>
  <system.web>
    <pages enableViewStateMac="false" />
    <authentication mode="Windows" />
    <identity impersonate="true" />
    <authorization>
      <allow roles="DOMAIN\Domain Users,DOMAIN\Accounting Dept"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>
 
Upvote 0 Downvote
Heres a more detail FAQ - faq855-5377
what a great author that wrote that long ago!
 
Upvote 0 Downvote
That's brilliant guys, thanks very much. I'll have a look at this when I get back to work tomorrow.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Moregelen
  • Locked
  • Question
Domain Authentication
Replies
0
Views
125
Moregelen
Moregelen
G12Consult
  • Locked
  • Question
Forms authentication not working
Replies
4
Views
117
Rajkumarrrrr
Rajkumarrrrr
NoCoolHandle
  • Locked
  • Question
Integrate Facebook (social) logins with Forms authentication..
Replies
0
Views
41
NoCoolHandle
NoCoolHandle
primagic
  • Locked
  • Question
Windows Authentication
Replies
0
Views
28
primagic
primagic
tshad
  • Locked
  • Question
Windows forms show and showdialog working differently displaying datagridview
Replies
3
Views
68
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top