
asp.net windows authentication

spaceGoose Posts: 1 Member
Hello. ASP.NET newbie here, so be gentle ;)

I'm creating an asp.net application (vb code, SQL server, IIS) that will work on a browser in an intranet environment. The application will use windows authentication (so that the users are able to access the app by logging onto their windows account).

My problem is, the application will have an admin user account feature that enables the application admin to change the users' various access levels to different parts of the application as well as user info (such as name, phone, address, etc.). Is this possible to implement?

My problem is, I need to store the windows login usernames/passwords on the SQL database of the application as well, because that's where all the other user info will be stored in.

Is there a way to get the user info (user name and password (crypted)) visible in VB? Meaning, if I was to make a test app with a simple button and a label. Can I somehow print my own windows username to the label with a simple lbl1.text = ...whatever?

Security isn't an issue at this point.

Comments

  • raymcd Posts: 284 Member
    This message was edited by raymcd at 2003-7-2 14:31:38
    : Hello. ASP.NET newbie here, so be gentle ;)
    :
    : I'm creating an asp.net application (vb code, SQL server, IIS) that will work on a browser in an intranet environment. The application will use windows authentication (so that the users are able to access the app by logging onto their windows account).
    :
    : My problem is, the application will have an admin user account feature that enables the application admin to change the users' various access levels to different parts of the application as well as user info (such as name, phone, address, etc.). Is this possible to implement?
    :
    : My problem is, I need to store the windows login usernames/passwords on the SQL database of the application as well, because that's where all the other user info will be stored in.
    :
    : Is there a way to get the user info (user name and password (crypted)) visible in VB? Meaning, if I was to make a test app with a simple button and a label. Can I somehow print my own windows username to the label with a simple lbl1.text = ...whatever?
    :
    : Security isn't an issue at this point.
    :


    This is all very much possible. If you are using windows authentication, you are practically done already. The SQL server doesn't need to keep passwords 'cause the user will already be authenticated. Just check who the user is and then get the list of privileges from the database.

    You can check who the user is by denying anonymous in the web.config as follows:
    [code]

    [/code]
    Then you will just use the User property of the Page class that your web form is inheriting from.
    [code]Response.Write(User.Identity.Name & "")
    Response.Write(User.IsInRole("MyCustomAppAdmin") & "")[/code]
    Similarly you can modify your app's behavior depending upon who is logged in. Maybe set a session var like "AccessLevel" and use that as a switch to turn on/off functionality.

    I would add a windows role or user group with a name similar to the one above. Then you can manage your application security from windows. Very much an ideal situation.

    You could keep a list of users in the database with the primary key a string like "Server/Username" since that is what the User.Identity.Name property looks like. Create a table of privileges. Then you can keep a table of usernames and privilegeID columns. Finally all you need to do is select all the privs for UserXYZ. This will allow you to determine what JoeSchmoe can do. Of course, if you don't need a web interface into security, just create a couple of UserRoles and add the users as appropriate in your domain model. It can even be groups local to the server (I think). It would be most secure if handled purely by NTLM.

    Hope that helps.

    -Ray
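
The database lookup described in the reply above, as an added example that is not part of the original thread: the application stores only the account name that Windows authentication has already verified and maps it to privileges, with no password column anywhere. The table, column, module and function names (AppUser, Privilege, UserPrivilege, PrivilegeStore, GetPrivileges, HasPrivilege) are assumptions made for illustration.

```vb
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

' Added example. Assumed (hypothetical) schema, not from the original post:
'   AppUser(UserName NVARCHAR(256) PRIMARY KEY, ...)        -- no password column
'   Privilege(PrivilegeID INT PRIMARY KEY, Name NVARCHAR(64))
'   UserPrivilege(UserName NVARCHAR(256), PrivilegeID INT)  -- one row per grant
Public Module PrivilegeStore

    ' Returns the privilege names granted to the given Windows account.
    ' userName is the value of User.Identity.Name, which IIS has already
    ' authenticated; the application never sees or stores the password.
    Public Function GetPrivileges(ByVal userName As String,
                                  ByVal connectionString As String) As List(Of String)
        Dim result As New List(Of String)()
        ' Fail closed: an empty name means the request was anonymous.
        If String.IsNullOrEmpty(userName) Then Return result

        Const sql As String =
            "SELECT p.Name FROM UserPrivilege up " &
            "JOIN Privilege p ON p.PrivilegeID = up.PrivilegeID " &
            "WHERE up.UserName = @userName"

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Parameterized: the account name is never concatenated into SQL.
                cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userName
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    While reader.Read()
                        result.Add(reader.GetString(0))
                    End While
                End Using
            End Using
        End Using
        Return result
    End Function

    ' Per-request check, e.g. from a Page: HasPrivilege(User.Identity.Name, "EditUsers", cs)
    Public Function HasPrivilege(ByVal userName As String, ByVal privilege As String,
                                 ByVal connectionString As String) As Boolean
        Return GetPrivileges(userName, connectionString).Contains(privilege)
    End Function

End Module
```

Looking the privileges up on each request means a change made by the application admin takes effect without waiting for a session to expire.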

