Web Security Models with VS2005 and Windows Server 2003

Hi all

I am a relatively experiences Windows/SQL Server database programmes and
have just started on my first ever web app.

I have managed with most of the simple stuff i.e. datagrids, crystal etc,
but I am finding the security model confusing (actually I'm a bit confused
over the event model and postbacks as well, but that's a different story).

Anyway, my first app is to run on our Intranet and the users are (possibly)
to be validated using windows authentication. I can get this working to a
certain extent by using the web site security configuration tool within
VS2005.

What I really need is the SIMPLEST of tutorials, answering things like...

What is the correct way to login, is the windows box that pops up ok, or
should I use a login page with the login components available under VS2005.

How do I validate the login against our network users. (Using windows
security, it looks as though this is already done automatically)?

The security wizard seems to allow access to 'levels' of the website, not
per particular page. I need to be able to control not only to page level,
but to what each user can return from the database on the particular page
(i.e. pass the user to the database). Is there an equivalent to windows
groups, where different people are members of groups, and its the groups
that have the privileges on the pages(I found roles, but couldn't really
figure out how they worked)

Do I first of all validate a login against the network, and then look up
what each user can do in the database?

Does each session somehow know whose logged in? Is there some 'CurrentUser'
class that can be used by any page to see if they first of all they can view
it, and secondly what they can do

so many questions......

So anyway, what I'm looking for is a nice simple tutorial, explaining from
first principles how basic security woks. Obviously I've googled for it,
bust most either assume that you already know what your doing, or show how
to do a certain thing but not how it fits in a bigger picture

thanks in advance

Andy


.

Relevant Pages

  • RE: How to allow users to change their password?
    ... be set up to provide the Security dialog window for password changes. ... I'll have to login using their login ... > name/password first. ... See http://www.QBuilt.com for all your database needs. ...
    (microsoft.public.access.security)
  • Re: Is this possible??
    ... I understand Windows security but since I've not seen A2007 live, ... The backend is on the server in it's own file. ... database, but everyone does not need to have access to tblwage which is ...
    (microsoft.public.access.tablesdbdesign)
  • Re: Enter user name, enter password, then press enter...
    ... What do you do when the customer asks that the database login in be the same ... username and password to use all of the stuff that she is permitted to use. ... I have implemented this type of security for Access, VB, and Web Based ASP ...
    (microsoft.public.access.forms)
  • Re: Login forms
    ... >>> I'm trying to develop a login form for an access database. ... >>> to use the Access User Level Security at the moment. ...
    (microsoft.public.access.forms)
  • Re: Linked Table-Embed Password
    ... > for the one login was the security. ... Don't confuse data security issues with data integrity issues. ... It may be common, but it's not secure. ... See http://www.QBuilt.com for all your database needs. ...
    (microsoft.public.access.security)