What is best practice: Combining anonymous logon with windows logon?

Discussion in 'ASP .Net Security' started by Kjell Kristiansson, Nov 30, 2005.

  1. Asp.Net 1.1, Win2k Server

    In my application I want to achieve the following on alla pages in the
    solution:
    - an anonymous user will get a limited set of options
    - an ananymous user shall have the option to logon or continue as
    anonymous
    - a user already logged on to the domain shall not have to logon again
    - different users get different options depending on group (role)
    I would prefere to keep all applications in the same directory and thus
    not
    tamper with file access rights but rather handle authorisation in the
    application.

    Independent of user I need to access the Registry for configuration
    settings.

    I have made a number of experiments and stepped into several problems
    like:

    If I allow Anonymous access I am not able to find real user. Possible?
    If I deny Anonymous users everybody has to logon. (using windows auth)
    If I set impersonate I can not access the registry. Solution?

    I am sure there is a nice solution to this. It should not be too uncommon
    a
    problem.
    What would be considered Best Practice for this?

    Kjell K
    PS. I write this in VB but C# is no problem.
     
    Kjell Kristiansson, Nov 30, 2005
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.