ASP.NET Authentication and Windows Authentication

F

Fabio Gouw

Hello,

I'm developing a web application that will run on an Intranet. I'll use
Windows Authentication, so users can access the application without the need
of filling out a login page.

According which user is using the web app, he/she'll have a dinamic menu,
built with the pages he/she can access. This information is stored in a SQL
Server DB, where each user has his/her permissions.

My question is how can I bind the information on Users table with the user
who is accessing the web app, and how to make it secure.

First I thought to use User.Identity.Name property, so I can put an
"domain\login" column on Users table, but it doesn't sound secure... (Am I
right?)

Does anyone have a suggestion?

Thanks
 
K

Ken Schaefer

What do you mean by "isn't secure"? Secure against what?

Sounds like a decent idea to me. Whilst hiding usernames is probably a good
idea, authentication relies on "something I know" (password) or "something I
have" (smart card) (or combinations - multifactor authentication). So, the
trick is keeping the password secure - because that's the "secret" rather
than the username.

Cheers
Ken
 
K

Ken Schaefer

As an addendum, if you don't want to store the usernames in cleartext in the
database, you could use a one-way hashing function (MD5?) to generate a hash
of the username. Do the same in your code to the username presented by the
client, and compare that with what's in the database. That way, anyone who
does get access to the database can not determine which username is which
(except perhaps through deduction by looking at which users have which
permissions)

Cheers
Ken
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,733
Messages
2,569,440
Members
44,830
Latest member
ZADIva7383

Latest Threads

Top