RE: ActiveDirectory and user page Access

Hi Alex,

Thanks for your reply.

Here are my answers:

Answer 1)
ActiveDirectory membership is not required under Integrated windows
authentication. This is because IIS will authenticate the current user by
using current process's network credentials. So you don't need to use
ActiveDirectory membership provider to authenticate again under Integrated
windows authentication.

Please note that the ASP.net process must be running under default account
"NT AUTHORITY\Network Service" or custom domain account.
"NT AUTHORITY\Network Service" account does have network credentials. This
means that you can use it to authenticate against network resources in a
domain. So you don't need to enable impersonate in this case, because the
process's account already have the rights to authenticate a user.

In form authencation, you must use ActiveDirectory membership provider,
because you need to authenticate the user in your asp.net application
instead of IIS. For windows integrated authentication in IIS, please refer
to
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5
23ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true.

Answer 2)
SQL membership provider is usually used in situation to customize the
membership info. The advantage of it is that it can be used to add, modify
and delete users which are only specific to your application.

It all depends on the business requirement for you to use which provider.
If you want to reuse AD accounts (like Domain\username), you should choose
windows integrated authentication or AD membership provider with Form
authentication. If you want to use custom accounts (You can add, modify and
delete them), SQL membership provider is the best choice.

SQL role provider is also suitable to use custom roles (You can add, modify
and delete them).

I am hoping my answer can clear your confusion.

Have a nice weekend.

Regards,
Hongye Sun (hongyes@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx
 
This posting is provided "AS IS" with no warranties, and confers no rights.






.

Relevant Pages

  • Re: Use login control to limit access to certain pages
    ... Membership Database to store your users and want unauthenticated users to ... The resources are scattered as you said, ... I want to confirm which authentication type you are using? ... without validation when request path is in this XML file. ...
    (microsoft.public.dotnet.general)
  • RE: Forms Authentication vs MembershipProvider
    ... First, I'm glad that you've got custom membership provider working, great ... For Forms authentication and membershp service, ... authenticaiton) which is used to provide security authorization (protect ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Membership functions connect to Sql Server as Process Identity, not user identity??
    ... the reason I want to use membership while using windows ... forms authentication and the membership class for everything. ... thus the reason I need to be able to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Membership Provider Woes
    ... You set the FormsAuth ticket on the Login_LoggingIn. ... cookie regardless of whether the user's authentication failed or not. ... Doens't the membership provider set a forms auth cookie for me ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: MOSS2007/WSS 3.0 Installation/Configuration Problems
    ... At work the WSS v3 worked without issue. ... Authentication ... Is there some way to figure out if the ASP.NET membership is the cause ... try a clean install this afternoon. ...
    (microsoft.public.sharepoint.windowsservices)