Best practice for extranet users -- asp.net security

James
8/6/2004 1:11:01 AM

We want to give access to regional staff across the country to a database
that only supports Windows Authentication.
The staff should only see data from their own region. So the database needs
to know who exactly the user is, so that it filters out the data accordingly.

We do not have a nationwide Windows network, so we cannot use IIS Windows
Auth.

Assuming we'd be using Forms Auth, how can we pass on the user identity to
this database? In other words, how can we assign each individual user to a
unique Windows account that would uniquely identify the user to the database?

James
8/6/2004 5:01:03 AM

Looks like what I'm looking for, I'll try it out.
Thanks.

[quoted text, click to view]

lukezhan NO[at]SPAM online.microsoft.com
8/6/2004 9:51:00 AM

Hello,

For such a situation, Form authentication seems to be the only choice. Here
is a article about how valid windows account within Form Authentication:

How to authenticate against the Active Directory by using Forms
authentication and Visual C# .NET
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q316748

After the authentication, we need impersonate current user's account to
access the database. Here is an article about this:

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q306158

Hope this help,

Luke

lukezhan NO[at]SPAM online.microsoft.com
8/9/2004 3:49:17 AM

You are welcome. If there is further questions, please feel free to post
here.

Luke

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about asp.net security

asp.net security : Best practice for extranet users