ASP.NET web application and authentication

Jason · Oct 15, 2003

Hi

I was thinking about administering a web application written in ASP.NET
(C#). when the authentication mode is set to "Windows", do all users within
that particular domain have access? how do you decide who has access? which
domain has access?

eg. if the web server exists in the domain "GJDOM", then will all users in
this domain have access?
And if i were to block access to user "GJDOM\frank" how would i do that?
The other side is; if i wanted to give access to "GJDOM2\anotherfrank" how
would i do that?

adding the <allow> and <deny> nodes could prove to be a bit tedious.

Thanks
Jason

Nicholas Paldino [.NET/C# MVP] · Oct 15, 2003

Jason,

If you set the authentication mode to Windows, then any domain in the
network should have access to the site. The reason for this is that the
domain can be added before the username and then the user can log in.

By default, all pages in your site will be viewable by anyone connecting
to it. What you want to do is modify the contents of the web.config file,
and modify <authorization> tag so that you limit only the users/groups that
you want to your application.

If this doesn't meet your needs, you can always implement the
IAuthenticationModule interface and register it (by modifying the web.config
file) so that you handle the authentication on your own (you can then use
Windows authentication, but fail the authentication on those you don't want
accessing your site. This bends the definition of authentication and
authorization somewhat, though).

Hope this helps.

Jason · Oct 15, 2003

Yeh, helps thanks!

"so that you limit only the users/groups that you want to your application."
is this users/groups on the web server or on the domain?

My scenario is that clients should be able to administer their own web
server, therefore selecting which users have access. whats the best solution
for this? users must not have to input passwords.

Thanks again
Jason

Nicholas Paldino said:
Jason,

If you set the authentication mode to Windows, then any domain in the
network should have access to the site. The reason for this is that the
domain can be added before the username and then the user can log in.

By default, all pages in your site will be viewable by anyone connecting
to it. What you want to do is modify the contents of the web.config file,
and modify <authorization> tag so that you limit only the users/groups that
you want to your application.

If this doesn't meet your needs, you can always implement the
IAuthenticationModule interface and register it (by modifying the web.config
file) so that you handle the authentication on your own (you can then use
Windows authentication, but fail the authentication on those you don't want
accessing your site. This bends the definition of authentication and
authorization somewhat, though).

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Jason said:

Hi

I was thinking about administering a web application written in ASP.NET
(C#). when the authentication mode is set to "Windows", do all users within
that particular domain have access? how do you decide who has access? which
domain has access?

eg. if the web server exists in the domain "GJDOM", then will all users in
this domain have access?
And if i were to block access to user "GJDOM\frank" how would i do that?
The other side is; if i wanted to give access to "GJDOM2\anotherfrank" how
would i do that?

adding the <allow> and <deny> nodes could prove to be a bit tedious.

Thanks
Jason

Click to expand...

Nicholas Paldino [.NET/C# MVP] · Oct 15, 2003

Jason,

If you want to do this, then you should have your implementation of the
authentication manager query some sort of database (or other persistant
storage) to check which root they are trying to access. If they are trying
to access an invalid route, then you cheat, and say they are not
authenticated (which is a lie, because they are authenticated, not
authorized).

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Jason said:
Yeh, helps thanks!

"so that you limit only the users/groups that you want to your application."
is this users/groups on the web server or on the domain?

My scenario is that clients should be able to administer their own web
server, therefore selecting which users have access. whats the best solution
for this? users must not have to input passwords.

Thanks again
Jason

message news:Ol%[email protected]...

Jason,

If you set the authentication mode to Windows, then any domain in the
network should have access to the site. The reason for this is that the
domain can be added before the username and then the user can log in.

By default, all pages in your site will be viewable by anyone connecting
to it. What you want to do is modify the contents of the web.config file,
and modify <authorization> tag so that you limit only the users/groups that
you want to your application.

If this doesn't meet your needs, you can always implement the
IAuthenticationModule interface and register it (by modifying the web.config
file) so that you handle the authentication on your own (you can then use
Windows authentication, but fail the authentication on those you don't want
accessing your site. This bends the definition of authentication and
authorization somewhat, though).

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Jason said:

Hi

I was thinking about administering a web application written in ASP.NET
(C#). when the authentication mode is set to "Windows", do all users within
that particular domain have access? how do you decide who has access? which
domain has access?

eg. if the web server exists in the domain "GJDOM", then will all

Click to expand...

Click to expand...

users

in

Click to expand...