RE: ActiveDirectory and user page Access
- From: Alex. O. Koranteng <AlexK@xxxxxxxxxxxxxxxx>
- Date: Thu, 4 Dec 2008 09:55:02 -0800
Hongye,
Thanks for all your help on this topic. It is indeed a tough subject. I
thinkk I will know how to handle this the next time around. JUst of a couple
of question to clear my mind.
(1)When you say I do not have to use ActiveDirectory membership under
Integrated windows authentication, what made me to use it in the first place.
I was of the impression that you use it if you are accessing the AD as where
your data is stored. Would I have to use it I was using forms authentication
(2) When does one use SQl membership provider and what are the advantages
Please give me your thoughts and thanks again.
Alex
""Hongye Sun [MSFT]"" wrote:
Hi Alex,.
You are right that it will be much easier by using Windows integrated
authentication in your scenario. In this way, all the users and roles data
are all from AD server or local machine. You don't need to do additional
work if you just want to reuse the data.
Here are the detailed steps to implement it:
1. Disable Anonymous access in IIS
Using the Internet Information Services MMC snap-in, edit the properties of
the Web site. Edit the Anonymous access and authentication control on the
Directory security tab. Clear the Anonymous access check box and select the
Integrated Windows Authentication check box.
2. In the Web.config file, enable Windows authentication and use
AspNetWindowsTokenRoleProvider.
----------------------------
<system.web>
...
<authentication mode="Windows"/>
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider" />
...
</system.web>
----------------------------
3. Configure access to pages and folders in web.config
----------------------------
<configuration>
<location path="memberPages">
<system.web>
<authorization>
<allow roles="BUILTIN\Administrators" />
<deny users="*" />
</authorization>
</system.web>
</location>
<!-- other configuration settings here -->
</configuration>
----------------------------
Here path can be folder or page path.
Roles can be BUILTIN user groups or Domain user groups like
"<Domain>\Administrators".
That's it. We don't need to use ActiveDirectoryMembershipProvider under
windows integrated authentication.
Have a nice day.
Regards,
Hongye Sun (hongyes@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx
This posting is provided "AS IS" with no warranties, and confers no rights.
- Follow-Ups:
- RE: ActiveDirectory and user page Access
- From: "Hongye Sun [MSFT]"
- RE: ActiveDirectory and user page Access
- References:
- RE: ActiveDirectory and user page Access
- From: "Hongye Sun [MSFT]"
- RE: ActiveDirectory and user page Access
- From: Alex. O. Koranteng
- RE: ActiveDirectory and user page Access
- From: "Hongye Sun [MSFT]"
- RE: ActiveDirectory and user page Access
- From: Alex. O. Koranteng
- RE: ActiveDirectory and user page Access
- From: "Hongye Sun [MSFT]"
- RE: ActiveDirectory and user page Access
- From: Alex. O. Koranteng
- RE: ActiveDirectory and user page Access
- From: "Hongye Sun [MSFT]"
- RE: ActiveDirectory and user page Access
- Prev by Date: RE: Starting VS IDE with WSH script causes catastrophic process failur
- Next by Date: RE: Starting VS IDE with WSH script causes catastrophic process fa
- Previous by thread: RE: ActiveDirectory and user page Access
- Next by thread: RE: ActiveDirectory and user page Access
- Index(es):
Relevant Pages
|
