PK
Hi folks,
I hope to get some of your advice on an authentication question that
came up during the planning of a web app. I'm a bit new to ASP.NET, so if
you can offer some experience, I'd greatly appreciate it!
I like form-based authentication because the usernames and passwords can
be stored in a database rather than in Windows (which, for security
reasons, can only be maintained by a specific person or two). Also, I'd
like to give my users the ability to log out, which is not something
I've seen in Windows authentication.
One of the main purposes of this app is to provide a search to find and
download (via resulting links) sensitive files. Forms/database
authentication is great for this, because the stored procedure that does
the search can be altered to make sure the logged-in username has rights
to download the results.
However, we would like to apply Windows security on the files to be
downloaded *just in case* a user navigates to the path of a file they
would otherwise not have permissions to. How can I mix the two types to
get what I want out of each -- without prompting the user to log in
twice?
Has anyone encountered a similar issue?
Thanks!
PK