Implementing Security - Advice Please

  • frank

    Implementing Security - Advice Please

    I am in the process of writing a fairly large ASP.NET web application and I
    am about to implement log-ons, permissions etc. I have never used any
    security with ASP.NET before; only classic ASP.

    I would like to base my users' logon information and permissions on their
    domain account. What is the best way to do this? Can web-based forms
    communicate with the domain user accounts? What about storing session
    information - how do we do this? Are there any recommended techniques for
    implementing this sort of security? Can anyone point me to any articles
    relating to this subject?

    Any help will be gratefully appreciated.


  • John Saunders

    #2
    Re: Implementing Security - Advice Please

    "frank" <frank@frank.com> wrote in message
    news:elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl...
    > I am in the process of writing a fairly large ASP.NET web application and I
    > am about to implement log-ons, permissions etc. I have never used any
    > security with ASP.NET before; only classic ASP.
    >
    > I would like to base my users' logon information and permissions on their
    > domain account. What is the best way to do this? Can web-based forms
    > communicate with the domain user accounts? What about storing session
    > information - how do we do this? Are there any recommended techniques for
    > implementing this sort of security? Can anyone point me to any articles
    > relating to this subject?

    You don't say whether or not this is an Intranet application. If it is, then
    you can use Windows Authentication.

    A good starting point is the following article on MSDN: Authentication in
    ASP.NET: .NET Security Guidance
    (http://msdn.microsoft.com/library/de...-us/dnbda/html/authaspdotnet.asp).
    --
    John Saunders
    Internet Engineer
    john.saunders@surfcontrol.com



    • frank

      #3
      Re: Implementing Security - Advice Please

      "John Saunders" <john.saunders@surfcontrol.com> wrote in message
      news:eXc716JbDHA.2372@TK2MSFTNGP10.phx.gbl...
      > "frank" <frank@frank.com> wrote in message
      > news:elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl...
      > > I am in the process of writing a fairly large ASP.NET web application and I
      > > am about to implement log-ons, permissions etc. I have never used any
      > > security with ASP.NET before; only classic ASP.
      > >
      > > I would like to base my users' logon information and permissions on their
      > > domain account. What is the best way to do this? Can web-based forms
      > > communicate with the domain user accounts? What about storing session
      > > information - how do we do this? Are there any recommended techniques for
      > > implementing this sort of security? Can anyone point me to any articles
      > > relating to this subject?
      >
      > You don't say whether or not this is an Intranet application. If it is, then
      > you can use Windows Authentication.

      It's primarily an Intranet application, although it may be available in the
      future on the Internet.

      > A good starting point is the following article on MSDN: Authentication in
      > ASP.NET: .NET Security Guidance
      > (http://msdn.microsoft.com/library/de...-us/dnbda/html/authaspdotnet.asp).

      Thanks.



      • John Saunders

        #4
        Re: Implementing Security - Advice Please

        "frank" <frank@frank.com> wrote in message
        news:%23OerBGKbDHA.1748@TK2MSFTNGP12.phx.gbl...
        > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
        > news:eXc716JbDHA.2372@TK2MSFTNGP10.phx.gbl...
        > > "frank" <frank@frank.com> wrote in message
        > > news:elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl...
        > > > I am in the process of writing a fairly large ASP.NET web application and I
        > > > am about to implement log-ons, permissions etc. I have never used any
        > > > security with ASP.NET before; only classic ASP.
        > > >
        > > > I would like to base my users' logon information and permissions on their
        > > > domain account. What is the best way to do this? Can web-based forms
        > > > communicate with the domain user accounts? What about storing session
        > > > information - how do we do this? Are there any recommended techniques for
        > > > implementing this sort of security? Can anyone point me to any articles
        > > > relating to this subject?
        > >
        > > You don't say whether or not this is an Intranet application. If it is, then
        > > you can use Windows Authentication.
        >
        > It's primarily an Intranet application, although it may be available in the
        > future on the Internet.

        Ok, keep in mind that Windows Authentication can work over the Internet.
        "Windows Authentication" really means "IIS Authentication", and IIS does
        support Basic Authentication which requests a username/password. Do this
        over SSL and you should be ok.
        --
        John Saunders
        Internet Engineer
        john.saunders@surfcontrol.com
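
Added example, not part of any post in this thread: a minimal `web.config` showing how the Windows Authentication approach discussed above ties logon and permissions to domain accounts and groups. The domain `CONTOSO`, the group names and the `Admin` folder are placeholders.

```xml
<!-- Added example. CONTOSO, AppUsers, AppAdmins and the Admin folder are placeholders. -->
<configuration>
  <system.web>
    <!-- IIS authenticates the caller (Integrated Windows on the intranet,
         or Basic over SSL from the Internet) and hands ASP.NET the
         resulting Windows identity. No logon form or password store
         lives in the application. -->
    <authentication mode="Windows" />

    <!-- Rules are evaluated top-down and the first match wins. -->
    <authorization>
      <deny users="?" />                   <!-- reject anonymous requests -->
      <allow roles="CONTOSO\AppUsers" />   <!-- members of this domain group -->
      <deny users="*" />                   <!-- everyone else -->
    </authorization>
  </system.web>

  <!-- Tighter rule for one folder: only the admin group gets in. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\AppAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

If Basic Authentication is enabled for Internet access, the SSL requirement is set on the site in IIS rather than in this file; without it the Basic credentials cross the network in a trivially decoded form.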



        • frank

          #5
          Re: Implementing Security - Advice Please

          "John Saunders" <john.saunders@surfcontrol.com> wrote in message
          news:unbjJcKbDHA.2820@tk2msftngp13.phx.gbl...
          >
          > Ok, keep in mind that Windows Authentication can work over the Internet.
          > "Windows Authentication" really means "IIS Authentication", and IIS does
          > support Basic Authentication which requests a username/password. Do this
          > over SSL and you should be ok.

          Is Windows Authentication based on the Domain user accounts?



          • Luther Miller

            #6
            Re: Implementing Security - Advice Please

            I wrote a useful hands-on article about implementing security within
            an ASP.NET application for the September/2003 issue of Windows
            Developer - "Quick ASP.NET Security". You can download it for free if
            you register at the site, and I think you will find it useful. It
            builds upon the basics of ASP.NET security; it's not just
            regurgitation of the .NET Framework docs:



            "frank" <frank@frank.com> wrote in message news:<elq1cwIbDHA.2344@TK2MSFTNGP12.phx.gbl>...
            > I am in the process of writing a fairly large ASP.NET web application and I
            > am about to implement log-ons, permissions etc. I have never used any
            > security with ASP.NET before; only classic ASP.
            >
            > I would like to base my users' logon information and permissions on their
            > domain account. What is the best way to do this? Can web-based forms
            > communicate with the domain user accounts? What about storing session
            > information - how do we do this? Are there any recommended techniques for
            > implementing this sort of security? Can anyone point me to any articles
            > relating to this subject?
            >
            > Any help will be gratefully appreciated.
