D
Dave Slinn
We are in the early planning stage of a new web (ASP.NET) application, are
currently determining the best strategy for managing users in this
application.
Our application will be a mix of internal (ie. company employees) users,
external users (third party associates, etc.), and the general public (ie.
anonymous users).
We would like the application to be able to user Integrated Windows
Authentication when a company employee uses the site from the internal
network, but use an HTML form for our external users when they are logging
in. Obviously, the public pages don't need any authentication.
Currently, we are planning on using Active Directory for our internal users,
including their group memberships. My question is - for external users,
would you add them to the Active Directory or is that a security no-no
(having external, non-network users in your domain directory)? The
alternative is to setup a SQL database to manage external users, their group
privileges and their passwords.
Thanks for any suggestions...
currently determining the best strategy for managing users in this
application.
Our application will be a mix of internal (ie. company employees) users,
external users (third party associates, etc.), and the general public (ie.
anonymous users).
We would like the application to be able to user Integrated Windows
Authentication when a company employee uses the site from the internal
network, but use an HTML form for our external users when they are logging
in. Obviously, the public pages don't need any authentication.
Currently, we are planning on using Active Directory for our internal users,
including their group memberships. My question is - for external users,
would you add them to the Active Directory or is that a security no-no
(having external, non-network users in your domain directory)? The
alternative is to setup a SQL database to manage external users, their group
privileges and their passwords.
Thanks for any suggestions...