K
kirby.matt
Hello, I am in the design stages of an ASP.NET application for my
company, and I am wondering how I shoudl handle security. Even though
this application is going to be internal and only 2-3 users, who will
rarely change, they still insist on making it a web application. My
first inclination is to use the Web.config and use Authorization to
authorize the 3 users and deny everyone else. A couple of other apps
here connect to Active Directory and authenticate the users that way,
but I feel like that would be overkill and one more connection to
maintain. There is also the possibilty of having a SQL table. There
will be no login page, so any kind of authentication will be based on
the users Windows user id. Any thoughts? Thanks.
company, and I am wondering how I shoudl handle security. Even though
this application is going to be internal and only 2-3 users, who will
rarely change, they still insist on making it a web application. My
first inclination is to use the Web.config and use Authorization to
authorize the 3 users and deny everyone else. A couple of other apps
here connect to Active Directory and authenticate the users that way,
but I feel like that would be overkill and one more connection to
maintain. There is also the possibilty of having a SQL table. There
will be no login page, so any kind of authentication will be based on
the users Windows user id. Any thoughts? Thanks.