Hello; having similar ASP.NET security issues.
Upgrading a number of ASP classic apps to .NET and have
everything done but can't figure out how to get the security to
work correctly.
Under the ASP Classic implementations security was NT Groups
based. Various Groups were created for different access rights,
and the apps just checked the logged in user against ADSI to
determine if they were in the correct group(s) for whatever
access.
This was accomplished quite easily by dim-ing out an object for
the Domain and flipping thru the Groups to find the one of
interest and then checking to see if the user logged on to the
app was in that group, and setting a session variable to that
effect.
This had many advantages, including the fact that Networks
administered the user accounts, adding & removing people from
groups, and so on without Development needing to get involved.
It was also easy, and allowed users to log into the system from
any machine they happened to be at as themselves.
Under ASP.NET however, Windows authentication picks up the person
logged in on the computer itself, defeating part of the desired
functionality.
So I tried Forms based authentication and though various books
list ADSI as being a valid source of comparison for login
verification I can't find one line of code on how to do that; all
the examples use a custom independently managed Database, XML
files, or hardcoding the user info directly in the web config
(!), the last two of which strike me as generally bad ideas. I
don't have any problem doing the Database option if necessary,
but as all of the user security is already set up and better yet
administered by Networks I would much rather find a way to use
the existing infrastructure to manage this.
Any ideas how to force .NET to accept a forms based
authentication and then verify it against ADSI?
Thanx!
--------------------------------
From: Ed Hastings
-----------------------
Posted by a user from .NET 247 (http://www.dotnet247.com/)
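
The check the post asks about, as an added example that is not part of the original post: a forms login that binds to the directory with the submitted credentials and reads the user's groups through System.DirectoryServices. The class name `AdLogin`, the LDAP path and the domain name are placeholders, and the code assumes C# 3 / .NET 2.0 or later.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;          // reference System.DirectoryServices.dll
using System.Runtime.InteropServices;
using System.Text;

public static class AdLogin              // hypothetical helper name
{
    // Placeholders (assumptions): substitute the real domain's values.
    const string LdapPath = "LDAP://DC=example,DC=com";
    const string Domain = "EXAMPLE";

    // Escape LDAP filter metacharacters (RFC 4515) so form input cannot change the query.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Returns the distinguished names of the user's groups, or null when the login is rejected.
    // memberOf lists direct memberships only: no nested groups and no primary group.
    public static List<string> Authenticate(string user, string password)
    {
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password)) return null;
        try
        {
            using (var entry = new DirectoryEntry(LdapPath, Domain + "\\" + user, password, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(entry))
            {
                searcher.Filter = "(sAMAccountName=" + EscapeFilter(user) + ")";
                searcher.PropertiesToLoad.Add("memberOf");
                SearchResult result = searcher.FindOne();   // the bind happens here; bad credentials throw
                if (result == null) return null;
                var groups = new List<string>();
                foreach (object dn in result.Properties["memberOf"])
                    groups.Add((string)dn);
                return groups;
            }
        }
        catch (COMException) { return null; }               // logon failure or directory unreachable
    }
}
```

On a non-null result the login page would compare the returned DNs with the group the application requires and only then call `FormsAuthentication.RedirectFromLoginPage(user, false)`, so group administration stays in the directory.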