Web application to use Windows domain accounts for authentication

If you have a web application that will run inside a network, it makes sense for it to support Windows authentication (Active Directory?).

Would it make sense to use the AD security model as well, or would I make my own roles/security module that some admin would have to configure for each user?

I've never dealt with Windows security before, so I am very confused as to how I should be handling security for a web application that runs within a Windows network.

I guess there are 2 major points I have to tackle:

1. authentication
2. authorization

I have a feeling that best practice would say to handle authorization myself, but use AD authentication, right?

Answers:

Method 1

Basically Windows handles everything: you never store usernames or passwords, and AD and IIS do all the work for you.

Add this to your web.config:

 <system.web>
  ...
  <authentication mode="Windows"/>
  ...
 </system.web>

To configure Windows authentication

  1. Start Internet Information Services (IIS).
  2. Right-click your application's virtual directory, and then click Properties.
  3. Click the Directory Security tab.
  4. Under Anonymous access and authentication control, click Edit.
  5. Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.

You can then deal with the business or authorization using web.config again. For example:

<authorization>
 <deny users="DomainName\UserName" />
 <allow roles="DomainName\WindowsGroup" />
</authorization>

Read more here: http://msdn.microsoft.com/en-us/library/ms998358.aspx
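An added example, not part of the original answer: a simplified Python model of how ASP.NET URL authorization evaluates the `<authorization>` rules from Method 1 (first matching rule wins, with the machine-level `<allow users="*" />` inherited last), run against those rules as posted and against a variant that ends in an explicit deny. The hardened variant, the `is_allowed` helper and the `DomainName\Intern` and `DomainName\Alice` accounts are constructed for illustration, and the model ignores the `verbs` attribute.

```python
import xml.etree.ElementTree as ET

# The machine-level configuration ends every rule chain with this inherited rule.
INHERITED = '<allow users="*" />'

# Rules from Method 1, unchanged.
AS_POSTED = r'''<authorization>
  <deny users="DomainName\UserName" />
  <allow roles="DomainName\WindowsGroup" />
</authorization>'''

# Constructed variant: refuse anonymous requests and everyone not matched earlier.
HARDENED = r'''<authorization>
  <deny users="?" />
  <deny users="DomainName\UserName" />
  <allow roles="DomainName\WindowsGroup" />
  <deny users="*" />
</authorization>'''

def _names(rule, attr):
    # Comma-separated list; names are compared case-insensitively (model assumption).
    return [n.strip().lower() for n in rule.get(attr, "").split(",") if n.strip()]

def _matches(rule, user, groups):
    users = _names(rule, "users")
    if "*" in users:                 # "*" matches every request
        return True
    if user is None:                 # "?" matches only anonymous requests
        return "?" in users
    if user.lower() in users:
        return True
    member_of = {g.lower() for g in groups}
    return any(role in member_of for role in _names(rule, "roles"))

def is_allowed(authorization_xml, user, groups=()):
    """Walk the rules top-down; the first rule that matches decides."""
    rules = list(ET.fromstring(authorization_xml)) + [ET.fromstring(INHERITED)]
    for rule in rules:
        if _matches(rule, user, groups):
            return rule.tag == "allow"
    return False

if __name__ == "__main__":
    group = [r"DomainName\WindowsGroup"]
    for label, cfg in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(label, "intern:", is_allowed(cfg, r"DomainName\Intern"),
              "group member:", is_allowed(cfg, r"DomainName\Alice", group))
```

In the model, the rules as posted still admit a domain user who is not in `DomainName\WindowsGroup`, because that request falls through to the inherited allow rule; the trailing `<deny users="*" />` is what makes the group membership a requirement.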

Method 2

This problem is solved in detail by Mr. Scott Guthrie in
Link 1 and Link 2

Method 3

I used Windows security on some of my internal sites.

Basically the way I set it up is I remove anonymous access in IIS, then assign permissions on the site's files through the standard Windows security model.

I'm not sure if this is best practice, but it has always worked well for me.


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
