Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 1.0 and 1.1 > ASP.NET 1.0 and 1.1 Professional
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old June 13th, 2006, 03:56 AM
Registered User
 
Join Date: Sep 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Windows Authentication using db for user storage

Hi, How can i use windows authentication by using database to keep the allowed users(domain1\someuser) and not in a web.config file. Thanks in advance


Reply With Quote
  #2 (permalink)  
Old June 14th, 2006, 02:54 PM
Wrox Author
Points: 13,255, Level: 49
Points: 13,255, Level: 49 Points: 13,255, Level: 49 Points: 13,255, Level: 49
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2005
Location: Ohio, USA
Posts: 4,104
Thanks: 1
Thanked 63 Times in 63 Posts
Send a message via AIM to dparsons
Default

what do you mean? Are you saying you want to capture the value of Request.ServerVariables("REMOTE_USER") make a call to a database and then, based on that call, determine if the user is allowed to see X resource?

"The one language all programmers understand is profanity."
Reply With Quote
  #3 (permalink)  
Old June 14th, 2006, 07:27 PM
Registered User
 
Join Date: Sep 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes. I am creating an intranet app. I will only allow certain users to access the app. I want to use their existing windows account. I want to give app admins to add users inside the application by entering their domain login and granting permissions.

Reply With Quote
  #4 (permalink)  
Old June 14th, 2006, 07:30 PM
Registered User
 
Join Date: Sep 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

thanks dparsons. what do you think should be the best solution?

Reply With Quote
  #5 (permalink)  
Old June 15th, 2006, 08:17 AM
Wrox Author
Points: 13,255, Level: 49
Points: 13,255, Level: 49 Points: 13,255, Level: 49 Points: 13,255, Level: 49
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2005
Location: Ohio, USA
Posts: 4,104
Thanks: 1
Thanked 63 Times in 63 Posts
Send a message via AIM to dparsons
Default

Ok I can't tell you line for line how to do this, that would be an extremely lengthy post but I will tell you what you need at a minimum. From your description i am assuming that this is a pass/fail type of system meaning that a user either has access or they dont.

I will give you a basic run down of how I do this for my company, though it wont be indepth, it will get you headed in the right direction.

First off, my security system for my Intranet Applications is completely transparent to the user; my applications grab the value of Request.ServerVariables("Remote_User") which returns domain\username and I use that to determine there exact level of permission; i dont make them log in at all.

Its importanat to note that I don't assign permissions to users, I assign permissions to groups and users belong to groups because this would become an absolute nightmare trying to manage X users have X rights to X application.

My SQL Structure is something like this:

lkApp (table) - Table that has a pk and a description of the application
AppRoles (table) - Table that has a pk, a description of the role, and a FK that links it to lkApp
AppUserRoles (table) - Table that has a pk, the users ID and a FK that links to AppRoles
AppPermission (table) - Table that has a pk, a fk that links to appRoles, a fk that links to lkApp, and a field that has the permission level for that role. (in my case 0, 2, or 4)

So what happens when a user visits my application, I call a stored procedure that does the necessary joins and determine whether or not the user has adequate permission to view X resource. Hope this helps.




"The one language all programmers understand is profanity."
Reply With Quote
  #6 (permalink)  
Old June 16th, 2006, 01:02 AM
Registered User
 
Join Date: Sep 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

thanks a lot i really appreciate your help. im going to use authentication to validate users if they are allowed to use functions of a certain page whether it is viewing, updating or deleting. I guess ill have to create a validate users in every pages.
Thanks again

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to get windows user id in Forms Authentication jayaraj123 General .NET 0 April 13th, 2007 02:34 PM
How to get user name from windows authentication? su C# 1 December 9th, 2006 01:58 AM
Windows Authentication OrbitalThread .NET Framework 2.0 0 December 5th, 2006 12:57 PM
Windows authentication eresina General .NET 5 June 2nd, 2004 09:16 AM



All times are GMT -4. The time now is 05:06 AM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
2013 John Wiley & Sons, Inc.