Re: Authentication in .NET..... pointers
From: Darrin J Olson (darrin.j.olson_at_sio.midco.net)
Date: 02/15/04
- Next message: Darrin J Olson: "Re: Closing popup"
- Previous message: Brian Barnett: "RE: retrieving PDF file with ServerXMLHTTP object"
- In reply to: Paul: "Authentication in .NET..... pointers"
- Next in thread: Paul: "Re: Authentication in .NET..... pointers"
- Reply: Paul: "Re: Authentication in .NET..... pointers"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 14 Feb 2004 19:14:58 -0600
I don't know that I could give you a complete solution, but I can give you
some ideas...
Putting your current authentication methods aside, ASP.NET has the ability
to make Principal objects and Identity objects (FormsIdentity for example)
where you can specify different directory and define application processing
permissions throughout your application and grant certain permissions to
certain users. You can also use the same objects to require a Union and/or
Intersection of permission sets for tasks and/or directories. The Union of
permissions may be helpful in requiring two different permission sets to be
required for access to a directory or to perform a certain task.
The trick would be if you need to tie these users to your current
authentication...
Hope that helps get you in the right direction...
-Darrin
"Paul" <prx1988@hotmail.com.invalid> wrote in message
news:z4rfemq9brLAFw2X@eyeore.home...
> Background.
>
> We have a corporate intranet that is (as much as makes no difference)
> entirely IIS web servers & IE browsers. We use a standard Windows
> domain logon and use active directory. We also have a "standard" user
> (like a guest one) that has few privileges.
>
> Web pages are secured and authenticated by manipulating the permissions
> on the files and folders within the web. This has been the situation
> for a number of years and is relatively set in stone. We use challenge
> response to authenticate for web pages.
>
> If a user logs on as the std user and tries to access a web page to
> which they have no access, a login box appears. If they are really a
> user with the correct credentials they can enter their userid/passwd at
> the prompts. As I understand it, it isn't possible to revoke that
> authentication (ie for that user to log off and revert to the std user)
> without closing down IE and any other browser windows that the user may
> have opened whilst "logged on." Is that correct?
>
> Assuming that is correct, how would we manage the following. Imagine an
> operation that needs two users to authorise it at the time it happens
> (eg a second nurse witnessing the administration of a medicine in a
> hospital, or a superviser check on a large transaction.) How could that
> second person's credentials be checked against their windows domain
> login and subsequently cancelled? Is there really no way to cancel the
> 1st user's logon either?
>
> I'm fairly new to this so would appreciate some pointers.... i've
> pondered with creating session variable "tokens" and all sorts of
> things, but would like a nudge in the right direction before I get too
> embroiled in all this as the inability to revoke the authentication
> always seems to end up scuppering any idea that I have :(
>
>
> Thanks
> --
> Paul
- Next message: Darrin J Olson: "Re: Closing popup"
- Previous message: Brian Barnett: "RE: retrieving PDF file with ServerXMLHTTP object"
- In reply to: Paul: "Authentication in .NET..... pointers"
- Next in thread: Paul: "Re: Authentication in .NET..... pointers"
- Reply: Paul: "Re: Authentication in .NET..... pointers"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
