Re: Authentication as signature

From: Scott Allen (scott_at_nospam.odetocode.com)
Date: 02/11/05

Next message: Vadivel Kumar: "Re: Running code when viewing aspx code"
Previous message: Vadivel Kumar: "Re: Date Formats"
In reply to: yzarcman_at_gmail.com: "Authentication as signature"
Next in thread: yzarcman_at_gmail.com: "Re: Authentication as signature"
Reply: yzarcman_at_gmail.com: "Re: Authentication as signature"
Messages sorted by: [ date ] [ thread ]

Date: Fri, 11 Feb 2005 08:51:52 -0500

Hi Greg:

You can have your asp.net application use Windows authentication and
impersonate the client's identity. Impersonation would allow you to
use NTFS permissions to perform authorization. Your web.config would
look something like:

...
  <authentication mode="Windows" />
  <authorization>
     <deny users="?"/> 
     <allow users="*">
   </authorization>
   <identity impersonate="true" />
...

Some more details are available here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch03.asp

--
Scott
http://www.OdeToCode.com/blogs/scott/
On 11 Feb 2005 01:38:38 -0800, yzarcman@gmail.com wrote:
>I am working on an intranet and have a web app that I need to use
>authentication for signing a document.
>
>As an organization we have decided that a username and date/time stamp
>would be sufficient to be considered a signature.
>
>On some pages data is submitted and I'm just concerned about capturing
>the username. On other pages I'm very concerned that the person
>submitting data is really the person who is logged into the machine
>(2003 server Active Directory). When they submit data on these pages I
>would like to reprompt for password. To get to these pages it would be
>nice if I could not prompt for the password and use NTSF permissions to
>allow them access without prompting for password.
>
>Any ideas on how to do this would be GREATLY appreciated.
>
>Thanks,
>Greg

Next message: Vadivel Kumar: "Re: Running code when viewing aspx code"
Previous message: Vadivel Kumar: "Re: Date Formats"
In reply to: yzarcman_at_gmail.com: "Authentication as signature"
Next in thread: yzarcman_at_gmail.com: "Re: Authentication as signature"
Reply: yzarcman_at_gmail.com: "Re: Authentication as signature"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: AUTHORIZATION with WINDOWS AUTHENTICATION -- HELP!!
... > basic windows authentication for this .NET application ... There was no way for you to know it, but this* is a classic asp newsgroup. ... > how IIS is involved. ... > manipulated for the authorization process? ...
(microsoft.public.inetserver.iis.security)
Re: Identity while calling Components in Web Services
... credentials to load and run the DTS package using DSO. ... you can impersonate a specific machine account just for the ... Hopefully one of these approaches will get you past the authorization issue ... > I have a web Service and in the service I am trying to Connecto to DSO ...
(microsoft.public.dotnet.framework.aspnet.webservices)
AUTHORIZATION with WINDOWS AUTHENTICATION -- HELP!!
... i want to implement authorization with windows authentication and don't ... windows authentication for this .NET application is already setup. ... the authentication process and my knowledge of how IIS is involved. ...
(microsoft.public.sqlserver.security)
AUTHORIZATION with WINDOWS AUTHENTICATION -- HELP!!
... i want to implement authorization with windows authentication and don't ... windows authentication for this .NET application is already setup. ... the authentication process and my knowledge of how IIS is involved. ...
(microsoft.public.inetserver.iis.security)
Windows authentication difficulties
... I am having problems trying to perform authorization in a web ... application using windows authentication. ... if I try this I get the login prompt but it does not allow ... If you access the application from a remote machine ...
(microsoft.public.dotnet.framework.webservices)