Re: Webapp Authentication best practice...
- From: "Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx>
- Date: Mon, 12 Feb 2007 22:01:50 +0100
"Joe" <Joe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:68398643-BBB0-451F-90F8-434E426642F7@xxxxxxxxxxxxxxxx
> Willy,
> Ok, so you can't use Windows authentication.
> These are clients that are accessing the Web app via the INTERNET.
> So, currently they log in and I capture their login information after I
> authenticate their credentials.

Using basic authentication? In that case, you have a serious security issue. It's your job to authenticate incoming users in the strongest possible fashion (possibly using certificates); failing to do so leaves you wide open to attack!

> The functions that they are performing are Group membership maintenance
> for a specific OU.

Once the clients are authenticated you don't need to keep their credentials around; all you should do is switch identities when accessing AD resources. That is, you should access the AD from asp.net using "explicit" credentials, or (better) delegate the AD function to a COM+ server application (using System.EnterpriseServices) that runs in an account with specific/restricted AD access privileges, possibly using role-based security for finer-grained access control.

> So, I doubt that it is good practice to capture and retain their credentials
> in memory and then create a new DirectoryEntry each time that I want
> to perform a function (like enumerate groups, modify membership etc...).

The latter scenario is better because it offers both stronger security and better scalability.

Willy.
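The two approaches discussed in this post, side by side, as an added example that is not code from the original thread or from either poster. The first class is the pattern Joe describes (each user's password kept in memory and re-used to bind to AD on every call); the second is the "explicit credentials" variant Willy recommends, with the web app doing its own role check and then binding as a dedicated, restricted service account. The OU path, the service-account name, and the "GroupAdmins" role name are placeholders assumed for this example.

```csharp
// Added example, not from the original post. Placeholders: the OU path,
// the service-account credentials and the "GroupAdmins" role are assumptions.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

namespace AdGroupMaintenance
{
    // Anti-pattern: the end user's plaintext password is retained for the
    // lifetime of the session and every AD call binds with it.
    public sealed class PerUserBinding
    {
        private readonly string _user, _password;   // sits in session state/memory

        public PerUserBinding(string user, string password) { _user = user; _password = password; }

        public List<string> EnumerateGroups(string ouPath)
        {
            var names = new List<string>();
            using (var ou = new DirectoryEntry(ouPath, _user, _password, AuthenticationTypes.Secure))
            using (var s = new DirectorySearcher(ou, "(objectClass=group)", new[] { "cn" }))
                foreach (SearchResult r in s.FindAll())
                    names.Add((string)r.Properties["cn"][0]);
            return names;
        }
    }

    // Recommended pattern: the user is authenticated once by the web tier; AD work
    // runs as one restricted service account bound with explicit credentials,
    // and the app decides who may call which operation.
    public sealed class OuGroupService
    {
        private readonly string _ouPath, _svcUser, _svcPassword;

        public OuGroupService(string ouPath, string svcUser, string svcPassword)
        {
            _ouPath = ouPath; _svcUser = svcUser; _svcPassword = svcPassword;
        }

        // Caller identity comes from the already-authenticated request
        // (e.g. HttpContext.Current.User); no password is needed here.
        private static void Require(IPrincipal caller, string role)
        {
            if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole(role))
                throw new UnauthorizedAccessException("caller may not manage groups in this OU");
        }

        // Secure = Kerberos/NTLM bind; Sealing = encrypt the LDAP traffic.
        private DirectoryEntry BindToOu()
        {
            return new DirectoryEntry(_ouPath, _svcUser, _svcPassword,
                AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
        }

        public List<string> EnumerateGroups(IPrincipal caller)
        {
            Require(caller, "GroupAdmins");
            var names = new List<string>();
            using (var ou = BindToOu())
            using (var s = new DirectorySearcher(ou, "(objectClass=group)", new[] { "cn" }))
            {
                s.SearchScope = SearchScope.OneLevel;   // stay inside this one OU
                foreach (SearchResult r in s.FindAll())
                    names.Add((string)r.Properties["cn"][0]);
            }
            return names;
        }

        public void AddMember(IPrincipal caller, string groupCn, string memberDn)
        {
            Require(caller, "GroupAdmins");
            // groupCn is user input: escape it before it goes into the LDAP filter.
            string filter = "(&(objectClass=group)(cn=" + EscapeLdapFilter(groupCn) + "))";
            using (var ou = BindToOu())
            using (var s = new DirectorySearcher(ou, filter))
            {
                s.SearchScope = SearchScope.OneLevel;
                SearchResult hit = s.FindOne();
                if (hit == null) throw new ArgumentException("group not found in OU");
                using (DirectoryEntry group = hit.GetDirectoryEntry())
                {
                    group.Properties["member"].Add(memberDn);
                    group.CommitChanges();
                }
            }
        }

        // RFC 4515 escaping for a value embedded in an LDAP search filter.
        internal static string EscapeLdapFilter(string value)
        {
            var sb = new StringBuilder(value.Length);
            foreach (char c in value)
                switch (c)
                {
                    case '\\': sb.Append("\\5c"); break;
                    case '*':  sb.Append("\\2a"); break;
                    case '(':  sb.Append("\\28"); break;
                    case ')':  sb.Append("\\29"); break;
                    case '\0': sb.Append("\\00"); break;
                    default:   sb.Append(c); break;
                }
            return sb.ToString();
        }
    }
}
```

The service account still has a password, but it is a single secret owned by the application rather than one per user held in session state; keep it out of source and in a protected configuration section (for example a DPAPI-encrypted web.config section) and grant the account only the rights it needs on that OU. Moving OuGroupService into a COM+ server application, as the post suggests, takes the AD-capable identity out of the worker process entirely.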