RE: IIS Security
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Tue, 22 May 2007 00:38:59 GMT
Hi Dan,
As for the "We use AD for logons, so I can enable IWA", do you mean you're
using integrated windows authenticaiton in IIS to automatically acquire the
domain account from client user and forward to ASP.NET application? Or are
you using forms authentication and AD membership provider to let user
interactively input domain account credential to login the application?
For limiting the users who can login the system, if you're using ASP.NET
2.0, the new role provider service can help correctly control the access
authorization to pages in the application, no matter you're using forms
authentication or windows authenticaiton(you can associate custom roles in
database to those authenticated identities). Here is a good blog thread
demonstrate this:
#Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
Authentication and SQL Server
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Bas
ed-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.asp
x
Or if you do not want to use ASP.NET's built-in authorization service, you
can also built a custom httpmodule (or use the global.asax events) and do
your authorization code logic(deny or allow access to certain page) depend
on your own roles(in database or a config file). The "AuthorizeRequest"
public event is a g ood one.
#Handling Public Events
http://msdn2.microsoft.com/en-us/library/9ysfzy8h(VS.71).aspx
http://awww.aspnetresources.com/tools/pipeline.aspx
Hope this helps some.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- RE: IIS Security
- From: Steven Cheng[MSFT]
- RE: IIS Security
- Prev by Date: Re: Server application error. Again.
- Next by Date: Re: Server application error. Again.
- Previous by thread: Best Method to View/Print Images and PDF Files
- Next by thread: RE: IIS Security
- Index(es):
Relevant Pages
|
