AUTHORIZATION with WINDOWS AUTHENTICATION -- HELP!!

Discussion in 'ASP General' started by phreeskier@gmail.com, Jun 21, 2005.

  1. Guest

    i want to implement authorization with windows authentication and don't
    have the slightest clue of how to do this implementation. the basic
    windows authentication for this .NET application is already setup. my
    problem lies within my inability to manipulate the username captured in
    the authentication process and my knowledge of how IIS is involved.

    specifically, i have the following questions:
    1) what object(s) can be used so that the user's username can be
    manipulated for the authorization process?
    2) in order to apply roles, do the users need to be placed in groups in
    IIS? if so, how does this work?
    3) is all the code that the application uses for roles in web.config?
    or does global.asax play a role in this matter?
    4) does the web.config file know to communicate with IIS because the
    authorization type is set to windows?
    5) once authorization is in place, can a section of an .aspx file be
    visible to a group or can only entire files be secured for a group?

    as you can see, i'm trying to figure out the relationship between
    authorization and windows authentication so any help would be
    appreciated.

    thanks,
    john
    e:
    , Jun 21, 2005
    #1
    1. Advertising

  2. wrote:
    > i want to implement authorization with windows authentication and
    > don't have the slightest clue of how to do this implementation. the
    > basic windows authentication for this .NET application


    There was no way for you to know it, but this* is a classic asp newsgroup.
    While you may be lucky enough to find a dotnet-savvy person here who can
    answer your question, you can eliminate the luck factor by posting your
    question to a newsgroup where the dotnet-savvy people hang out. I suggest
    microsoft.public.dotnet.framework.aspnet.

    Nevertheless ... I'll give it a try. Read on.

    > is already
    > setup. my problem lies within my inability to manipulate the
    > username captured in the authentication process and my knowledge of
    > how IIS is involved.
    >
    > specifically, i have the following questions:
    > 1) what object(s) can be used so that the user's username can be
    > manipulated for the authorization process?


    That would be User.Identity.Name

    > 2) in order to apply roles, do the users need to be placed in groups
    > in IIS? if so, how does this work?


    No such thing as IIS groups. You can either create groups in a database
    (which can be as simple as a table containing a username column and a
    groupname column), or create groups in your Active Directory, meaning that
    you will need to learn how to query the AD, which is no trivial task.


    > 3) is all the code that the application uses for roles in web.config?


    There is no code in web.config

    > or does global.asax play a role in this matter?


    A Session_onstart sub in global.asax could come into play if you choose to
    take that route, but usually, the answer is: Neither.

    > 4) does the web.config file know to communicate with IIS because the
    > authorization type is set to windows?


    Huh? You need to go back and read the book. web.config does not
    "communicate" with anything. It is simply a configuration file containing
    settings that your application's dll uses when it loads.

    Also, the "authentication" type is set in web.config. Authorization is up to
    you to implement.

    > 5) once authorization is in place, can a section of an .aspx file be
    > visible to a group or can only entire files be secured for a group?
    >


    Yes to both, but there's nothing automatic about it. You have to write the
    code to make it happen.

    > as you can see, i'm trying to figure out the relationship between
    > authorization and windows authentication so any help would be
    > appreciated.
    >


    Please follow up in the aspnet newsgroup.

    Bob Barrows
    *I read this message and replied to it in the .inetserver.asp newsgroup. In
    the future, pleas pick a single group to post your message to. Usually,
    somebody will be polite enough to point you in the proper direction if
    you've chosen the wrong newsgroup.
    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Jun 21, 2005
    #2
    1. Advertising

  3. Bob Barrows [MVP] wrote:

    > Also, the "authentication" type is set in web.config. Authorization
    > is up to you to implement.
    >

    oops, a little bit of misinformation here: You CAN use authorization based
    on AD groups. Here is a link with more information:
    http://msdn.microsoft.com/library/en-us/vbcon/html/vbconWebApplicationSecurityAtRunTime.asp

    There is a section about authorization about halfway down, including links
    to other relevant documents.
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows [MVP], Jun 21, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ollie
    Replies:
    8
    Views:
    5,795
    Joe Kaplan \(MVP - ADSI\)
    Dec 9, 2004
  2. Replies:
    2
    Views:
    395
    Mike Mueller
    Jun 22, 2005
  3. DK
    Replies:
    1
    Views:
    368
    Usenet User
    Sep 23, 2008
  4. Bob Osborne
    Replies:
    0
    Views:
    212
    Bob Osborne
    Nov 18, 2003
  5. SeanRW
    Replies:
    1
    Views:
    361
    Dominick Baier [DevelopMentor]
    May 25, 2006
Loading...

Share This Page