B
Beemer Biker
I googled and even brought up the web.config wizard but didnt get answer to
some questions. I added code to my project to do forms authentication after
looking at this active directory sample
http://www.ondotnet.com/pub/a/dotnet/2003/01/20/formsauthp2.html
OK, I login using my domain, password and username. It works fine. Some
observations:
1. The login script runs when a new form is launched. I only want to login
once and when, for example, my date/time picker aspx page is launched I dont
want to have to authenticate for that. How do I set up web.config or code
the login so that only my Default.aspx page requires authentication and not
every little helper form.
2. When I demo'ed my prototype to some colleagues I was asked if I had
coded it to sniff out their passwords. OK, that is a good question. I used
the exact code at
http://www.ondotnet.com/pub/a/dotnet/2003/01/20/formsauthp2.html
which uses active directory. So how can I assure them I am not sniffing
their passwords? Maybe I cant and if so, this type of security is not what
is needed.
3. After the user was authenticated, the following code segment was
executed:
if (Request.IsAuthenticated){
Response.Write("Authenticated User:" +
Request.LogonUserIdentity.Name + "\n");
}
OK. I didnt get the users name unless I am actually viewing the page on my
server under the VS8 debugger.
Authenticated User:SWRI16\jstateson
But if I am on a linux box or any windows system all I see is the name of
(my) server as in:
Authenticated User:JYSDC1178\IUSR_JYSDC1178
These names are no good. Surely I can get their actual username since I am
going to allow them to upload stuff into the database and I need to identify
who did the upload and record the username.
We are running exchange server and active directory, I should be able to get
the username.
--
=======================================================================
Beemer Biker joestateson at grandecom dot net
http://TipsForTheComputingImpaired.com
http://ResearchRiders.org Ask about my 99'R1100RT
=======================================================================
some questions. I added code to my project to do forms authentication after
looking at this active directory sample
http://www.ondotnet.com/pub/a/dotnet/2003/01/20/formsauthp2.html
OK, I login using my domain, password and username. It works fine. Some
observations:
1. The login script runs when a new form is launched. I only want to login
once and when, for example, my date/time picker aspx page is launched I dont
want to have to authenticate for that. How do I set up web.config or code
the login so that only my Default.aspx page requires authentication and not
every little helper form.
2. When I demo'ed my prototype to some colleagues I was asked if I had
coded it to sniff out their passwords. OK, that is a good question. I used
the exact code at
http://www.ondotnet.com/pub/a/dotnet/2003/01/20/formsauthp2.html
which uses active directory. So how can I assure them I am not sniffing
their passwords? Maybe I cant and if so, this type of security is not what
is needed.
3. After the user was authenticated, the following code segment was
executed:
if (Request.IsAuthenticated){
Response.Write("Authenticated User:" +
Request.LogonUserIdentity.Name + "\n");
}
OK. I didnt get the users name unless I am actually viewing the page on my
server under the VS8 debugger.
Authenticated User:SWRI16\jstateson
But if I am on a linux box or any windows system all I see is the name of
(my) server as in:
Authenticated User:JYSDC1178\IUSR_JYSDC1178
These names are no good. Surely I can get their actual username since I am
going to allow them to upload stuff into the database and I need to identify
who did the upload and record the username.
We are running exchange server and active directory, I should be able to get
the username.
--
=======================================================================
Beemer Biker joestateson at grandecom dot net
http://TipsForTheComputingImpaired.com
http://ResearchRiders.org Ask about my 99'R1100RT
=======================================================================