Why Code Authentication At All?

Discussion in 'ASP .Net Security' started by Brian, Jun 10, 2004.

  1. Brian

    Brian Guest

    Please pardon my ignorance with this one, but I am pounding my head
    against System.DirectoryServices and have an idea. Why not simply turn
    off "Anonymous User" access to my website, and let Windows provide the
    login of the person viewing the page through a call to
    Request.ServerVariables("LOGON_USER")?

    I am stuck in the middle of a set of problems with authenticating
    users and wonder why I am doing this at all?

    TIA,

    Brian
     
    Brian, Jun 10, 2004
    #1
    1. Advertising

  2. The reason you would not use Windows/IIS authentication is that you either
    don't want to or can't. Sometimes, the customer wants forms authentication,
    sometimes there are issues with Windows auth (your server is in a DMZ and
    isn't a domain member or something).

    However, if you can use Windows auth, then by all means do so. Also, you
    don't need to read the server variables to get the users name. Just do
    Context.User.Identity.Name. Additionally, you can check the Windows group
    membership of with Context.User.IsInRole. IIS and ASP.NET do all the
    plumbing for you.

    If you really do need to use S.DS to do LDAP authentication (need forms
    auth, using ADAM or non-MS LDAP, etc.), microsoft.public.adsi.general is a
    good newsgroup to ask those questions. It is an equal opportunity .NET/COM
    group.

    Joe K.

    "Brian" <> wrote in message
    news:...
    > Please pardon my ignorance with this one, but I am pounding my head
    > against System.DirectoryServices and have an idea. Why not simply turn
    > off "Anonymous User" access to my website, and let Windows provide the
    > login of the person viewing the page through a call to
    > Request.ServerVariables("LOGON_USER")?
    >
    > I am stuck in the middle of a set of problems with authenticating
    > users and wonder why I am doing this at all?
    >
    > TIA,
    >
    > Brian
     
    Joe Kaplan \(MVP - ADSI\), Jun 10, 2004
    #2
    1. Advertising

  3. Brian

    Brian Guest

    Thanks!
    I feel so much better about the mountains of code I have inherited
    at my company. I agree with their intentions. The end result looks
    like a "pig on roller skates", but I see where they were going.

    Brian



    "Joe Kaplan \(MVP - ADSI\)" <> wrote in message news:<>...
    > The reason you would not use Windows/IIS authentication is that you either
    > don't want to or can't. Sometimes, the customer wants forms authentication,
    > sometimes there are issues with Windows auth (your server is in a DMZ and
    > isn't a domain member or something).
    >
    > However, if you can use Windows auth, then by all means do so. Also, you
    > don't need to read the server variables to get the users name. Just do
    > Context.User.Identity.Name. Additionally, you can check the Windows group
    > membership of with Context.User.IsInRole. IIS and ASP.NET do all the
    > plumbing for you.
    >
    > If you really do need to use S.DS to do LDAP authentication (need forms
    > auth, using ADAM or non-MS LDAP, etc.), microsoft.public.adsi.general is a
    > good newsgroup to ask those questions. It is an equal opportunity .NET/COM
    > group.
    >
    > Joe K.
    >
    > "Brian" <> wrote in message
    > news:...
    > > Please pardon my ignorance with this one, but I am pounding my head
    > > against System.DirectoryServices and have an idea. Why not simply turn
    > > off "Anonymous User" access to my website, and let Windows provide the
    > > login of the person viewing the page through a call to
    > > Request.ServerVariables("LOGON_USER")?
    > >
    > > I am stuck in the middle of a set of problems with authenticating
    > > users and wonder why I am doing this at all?
    > >
    > > TIA,
    > >
    > > Brian
     
    Brian, Jun 11, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. dbuchanan
    Replies:
    9
    Views:
    4,203
    Jim Wooley
    Feb 8, 2006
  2. Mr. SweatyFinger

    why why why why why

    Mr. SweatyFinger, Nov 28, 2006, in forum: ASP .Net
    Replies:
    4
    Views:
    998
    Mark Rae
    Dec 21, 2006
  3. Mr. SweatyFinger
    Replies:
    2
    Views:
    2,270
    Smokey Grindel
    Dec 2, 2006
  4. John Nagle
    Replies:
    4
    Views:
    619
    James Antill
    Aug 7, 2007
  5. Delaney, Timothy (Tim)
    Replies:
    0
    Views:
    582
    Delaney, Timothy (Tim)
    Aug 7, 2007
Loading...

Share This Page