Re: Multiple App Authentication

No, these are web app users and they are not part of any domain nor do we
want them to use Windows Authentication. We want to use Forms
authentication - or at least authentication by UID/PWD.

--
Regards,
Gary Blakely
"Andy" <anedza@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1180550795.479265.324920@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Suggest you read up on Active Directory and Kerberos security.

Assuming this is on an office windows network, its likely that the
users have active directory windows accounts and that there is a
network domain already setup, where all the various servers that the
apps run on belong to a common domain.

If this is so, you can use windows credentials in your apps to
authenticate users. Credentials are established by the user when they
log onto windows and are maintained in the form of tokens.

If your apps run in IIS, you can set the security for the app's
website to require windows authenticated integration on its advanced
directory security tab from the properties menu entry when you right
click a website. Users will have to provide their windows login ID
and password if they are accessing the site externally before it will
run. Otherwise, if they are already logged into the network domain,
IIS will not prompt for credentials and will instead use the
authorization token given to them to identify them.

You can also have programs perform the login on behalf of the user to
a particular app by something similar to:

App.Credentials = System.Net.CredentialCache.DefaultCredentials

Active Directory only verifies the identity of the user; its still the
responsability of your app to decide what to do with the user once
they are verified to be who they claim to be. Active directory users
are usually assigned to arbitrary active directory groups you create.
Your app can check if an identified user belongs to a particular group
of active directory users to determine what permissions the user has.

The advantage of using active directory opposed to building your own
security system is that security is centralized - you can add or
remove a user to the network, your apps, Microsoft applications, and
the internet in a single place with a single command, all at the same
time. The active directory API is not complex, and requires far less
code to use then building and maintaining a seperate custom security
database.







.

Relevant Pages

  • RE: Beginners Questions
    ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
    (microsoft.public.dotnet.distributed_apps)
  • Re: Win 98 in ADS integrieren
    ... Seite zum "AD Client für Downlevel CLients". ... Active Directory Client Extensions for Windows 95/98 and Windows NT 4.0 ... software can take advantage of improved authentication features in NTLM ...
    (microsoft.public.de.german.windows.server.active_directory)
  • Re: redundant time source
    ... Time Sync is very important to windows. ... Kerberos authentication and, therefore, to Active Directory-based ... Active Directory domain ...
    (microsoft.public.windows.server.active_directory)
  • Re: Passing form credentials to windows security
    ... the standardized browsers and the authentication protocols just don't ... You can configure two websites, one Intranet that is Windows only, the other ... and then authenticate them against Active Directory and then pass the ... those credentials exactly as Microsoft has done with Exchange webmail. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Automatically authenticating Users
    ... >You need to enable Windows/Integrated authentication on ... >Windows authentication for that app. ... >> client doesn't want people to login to this application, ... >> Active directory groups for each role (managers, ...
    (microsoft.public.inetserver.iis.security)
Quantcast