asp.net security: I am interested in building a site with integrated windows authentication
using acl groups. Is it possible without having users and roles defined in
the database or is windows authentication, within asp.net, intended to
validate the user and pass the user to the defined joined users/roles in the
db thereby giving certain access to areas of the site?

Is there any good resources on window authentication and asp.net anyone can
recommend ?

Thanks,
Jeff

With ASP.NET, you face a more complicated identity matrix, which is
described here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp

If you want to authenticate your application using windows authentication,
but have a single account access the database, you can configure IIS to use
anonymous authentication with a domain account, use windows authentication
for ASP.NET, and set impersonation to true. As a result, you will be using
local ACLs to control access to your site, but the domain account that IIS
is running under any time that you make a request to another server.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
[quoted text, click to view]

Additionally, look at this MSDN article:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconTheWindowsAuthenticationProvider.asp

--
Ralph Page MBA, CMBA, MCDBA, MCSE, CCNA
-------------------------------------------------------------------------
"However beautiful the strategy, you should occasionally look at the
results."
-- Winston Churchill
-------------------------------------------------------------------------
[quoted text, click to view]