Not for intranet. As long as it's a local LAN (no internet access), then
you can use IIS/NTLM for authentication.
-- bruce (sqlwork.com)
jc wrote:
> For intranet development.. is there anything terribly wrong with
> authenticating users against AD groups to determine what pages, menus,
> features they should be allowed to see and use?
>
> Would there be any valid reason for asking users to re-enter their AD
> user and PW for every intranet Application to confirm they are in the
> AD, rather than just testing the security of the Windows user with the
> below code? Any benefit to carrying around a cookie or Session with
> something that is then used to confirm they were authenticated at some
> point in the session? What's the value of this beyond allowing one user
> to authenticate in an intranet site while Windows is authenticated as
> another user? And is there no risk to session or cookie that could be
> easily read and replicated to fool the site?
>
> What's the best and/or most common practice for intranet website
> security?
>
>
> If (Page.User.IsInRole("XXX ADMIN")) Then
>
>
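
An added example, not part of the original posts: an ASP.NET `web.config` that relies on IIS Windows (NTLM/Kerberos) authentication and restricts one folder to an AD group, so no application cookie or second login is involved. The domain name `EXAMPLE` and the `Admin` folder are assumptions; the group name is the one from the question.

```xml
<configuration>
  <system.web>
    <!-- Identity comes from IIS integrated Windows authentication;
         anonymous access must also be disabled for the site in IIS. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" = anonymous users: reject anyone IIS did not authenticate -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Hypothetical folder holding the admin pages -->
  <location path="Admin">
    <system.web>
      <authorization>
        <!-- AD group in DOMAIN\group form (EXAMPLE is a placeholder domain) -->
        <allow roles="EXAMPLE\XXX ADMIN" />
        <!-- Rules are evaluated top-down; everyone else is refused -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this in place, `Page.User.IsInRole` called with the same `DOMAIN\group` name can still be used in code to show or hide menus and features, while the folder-level rule is enforced by the server regardless of what the page renders.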