ASP.NET webapp intranet security

[Raj]

Hi there!!

I am relatively new at ASP.NET. I have built a web app using ASP.NET /
VB.NET with data being stored in SQL Server 2000 (SQL Authentication).
This app is going to be used inhouse. The specific URL will be given to
selective people. Now I am not sure how I can prevent unauthorized
employees from accessing the website. I am thinking this falls under
intranet security and I tried to google ASP.NET intranet security but
it is overwhelming for a learner like me. Can some one please tell me
or point to a resource. I am hoping to find a similar solution like
windows file security. For example, I can control who can access the
file by just adding/removing an user. Can I do some thing like that?
Your input will be appreciated. Thanks!!

-Raj

 

[MikeS]

I think you may just have to add your users to an NT group then in
web.config set authentication mode=windows, add an authorization tag to
allow roles=domain\group and deny users= * and enable the rolemanager
to use the WindowsTokenRoleProvider. Maybe also disable basic and
anonymous access in IIS.

 

[Raj]

Thanks Mike for the input. I got it working using 'allow user' and
'deny user' options. I am not sure what you mean by 'enable the
rolemanager
to use the WindowsTokenRoleProvider'. If you can simplify it for me,
that will be great. Even otherwise you solved my problem. Thanks!!

-Raj

 

[MikeS]

The role manager is optional but useful if you want to restrict access
further to other content in sitemaps and/or in web.config with location
tags based on other NT groups the users belong to.

For ASP.NET 2.0...

<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider"
cacheRolesInCookie="false"></roleManager>

Response.Write("Welcome: " & User.Identity.Name & "<br />")
Response.Write("Groups: " & Join(Roles.GetRolesForUser(), ",")
& "<br />")
Response.Write("Administrator: " &
User.IsInRole("BUILTIN\Administrators") & "<br />")