Do not use on any
shared computer
May 17, 2008 02:06am pdt
05.07.2008 at 08:23PM PDT, ID: 23384968 | Points: 500
[x]
Attachment Details
C#, Windows Authentication custom authentication to IIS6 (Windows 2003)
Zones: Visual Studio 2008, Programming for ASP.NET, .NET Framework 3.x versions
Hi,

Configuration:

1. Windows 2003 R2 - IIS 6.0.
2. Visual Studio 2008 C#.

Problem:

Authenticate users to allow / disallow them to connect to a particular web site.
Specifically only users from a particuar OU in Active Directory can connect.
(I know IIS allows for this). However here is the catch, I need to record the time
when they first connect. Then disable there account 7 days after they connect.
Note this has to be after they initially log on..

Possible Solutions ???:

Ok what I am figuring the way todo this is via the .NET Http module.
(http://msdn.microsoft.com/en-us/library/bb398986.aspx)
So AD lets them through then it goes into the Http module and it can perform a database
lookup to see if the user can still log on or not. (I will then have a schenduled program that iterates through
the accounts and disables them after the 7 days period).

Am I on the right track here any sample code somebody can point me to? (Even
if it just how todo the authentication). Or, am I best writing an ASPI filter?

Any input greatly appreciated,

Ward.
Start your free trial to view this solution
Question Stats
Zone: Microsoft
Question Asked By: whorsfall
Question Asked On: 05.07.2008
Participating Experts: 1
Points: 500
Views: 0
Translate:
Loading Advertisement...
05.08.2008 at 11:23AM PDT, ID: 21527150

Rank: Guru

tedbilly:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.08.2008 at 04:35PM PDT, ID: 21529355
whorsfall:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.08.2008 at 04:44PM PDT, ID: 21529424

Rank: Guru

tedbilly:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.10.2008 at 01:37AM PDT, ID: 21538242
whorsfall:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.10.2008 at 09:32AM PDT, ID: 21539562

Rank: Guru

tedbilly:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.10.2008 at 02:26PM PDT, ID: 21540525
whorsfall:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
Microsoft
  • Internet Protocols
  • Applications
  • Development
  • OS
  • Hardware
  • Windows Security
Apple
  • Operating Systems
  • Hardware
  • Programming
  • Networking
  • Software
Internet
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Spy / Ad Blockers
  • Web Browsers
  • New Net Users
  • Web Development
  • Chat / IM
  • Anti Spam
  • Web Servers
  • Anti-Virus
  • Email Clients
Gamers
  • Tips
  • Online / MMORPG
  • Puzzle
  • Emulators
  • Action / Adventure
  • Role Playing
  • Consoles
  • Game Programming
  • Strategy
  • Sports
  • Misc
  • Computer Games
Digital Living
  • Hardware
  • New Net Users
  • New Users
  • Software
  • Digital Music
  • Gaming World
  • Home Security
  • Apple
  • Networking Hardware
Virus & Spyware
  • Vulnerabilities
  • IDS
  • Encryption
  • Anti-Virus
  • Operating Systems Security
  • Software Firewalls
  • WebApplications
  • Cell Phones
  • Operating Systems
  • Internet
  • Hardware Firewalls
Hardware
  • Handhelds / PDAs
  • Displays / Monitors
  • Components
  • Networking Hardware
  • Peripherals
  • Laptops/Notebooks
  • Storage
  • Servers
  • Desktops
  • New Users
  • Misc
  • Apple
Software
  • System Utilities
  • Industry Specific
  • Network Management
  • Photos / Graphics
  • Page Layout
  • VMWare
  • Misc
  • Web Development
  • OS
  • CYGWIN
  • Voice Recognition
  • Message Queue
  • Quality Assurance
  • Security
  • Firewalls
  • MultiMedia Applications
  • Development
  • Database
  • Office / Productivity
  • Business Management
  • OS/2 Apps
  • Server Software
  • Internet / Email
ITPro
  • OS
  • Storage
  • Encryption
  • Operating Systems Security
  • Apple Hardware
  • Laptops & Notebooks
  • Servers
  • Networking Hardware
  • Peripherals
  • Devices
  • Displays / Monitors
  • WebTrends / Stats
  • Search Engines
  • Firewalls
  • WebApplications
  • IDS
  • Vulnerabilities
  • Email Clients
  • File Sharing
  • Spy / Ad Blockers
  • Web Browsers
  • Web Servers
  • Networking
  • Anti-Virus
  • Chat / IM
  • Anti Spam
Developer
  • Web Servers
  • Web Browsers
  • Game Programming
  • Dev Tools
  • Industry Specific
  • Office / Productivity
  • Database
  • CYGWIN
  • Web Development
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Programming
  • Content Management
  • Application Servers
  • Protocols
Storage
  • Removable Backup Media
  • Storage Technology
  • Servers
  • Grid
  • Remote Access
  • Backup / Restore
  • Misc
  • Hard Drives
OS
  • Miscellaneous
  • Security
  • Development
  • Linux
  • VMWare
  • MainFrame OS
  • Unix
  • Apple
  • OS / 2
  • AS / 400
  • BeOS
  • Microsoft
  • VMS / OpenVMS
Database
  • Oracle
  • Miscellaneous
  • MySQL
  • Software
  • Sybase
  • Contact Management
  • PostgreSQL
  • Data Manipulation
  • Clarion
  • InterSystems Cache
  • Siebel
  • MUMPS
  • OLAP
  • SQLBase
  • SAS
  • GIS & GPS
  • 4GL
  • Berkeley DB
  • DB2
  • Informix
  • Interbase / Firebird
  • FoxPro
  • Reporting
  • LDAP
  • Filemaker Pro
  • MS SQL Server
  • dBase
  • MS Access
Security
  • Misc
  • Web Browsers
  • Software Firewalls
  • Operating Systems Security
  • File Sharing
  • Spy / Ad Blockers
  • Vulnerabilities
  • WebApplications
  • IDS
  • Anti-Virus
  • Encryption
  • Anti Spam
  • Email Clients
  • VPN
  • Chat / IM
Programming
  • Editors IDEs
  • Installation
  • Handhelds / PDAs
  • Multimedia Programming
  • System / Kernel
  • Algorithms
  • Game
  • Signal Processing
  • Project Management
  • Open Source
  • Database
  • Misc
  • Languages
  • Processor Platforms
  • Theory
Web Development
  • Scripting
  • Blogs
  • Web Servers
  • Software
  • Search Engines
  • Web Graphics
  • Images
  • Internet Marketing
  • Images and Photos
  • Components
  • Document Imaging
  • Web Languages/Standards
  • Illustration
  • WebApplications
  • Fonts
  • WebTrends / Stats
  • Authoring
  • Digital Camera Software
  • Miscellaneous
Networking
  • Protocols
  • Apple Networking
  • Network Management
  • Message Queue
  • Application Servers
  • Content Management
  • File Servers
  • Email Servers
  • Misc
  • Java Editors & IDEs
  • Wireless
  • Networking Hardware
  • Backup / Restore
  • System Utilities
  • ISPs & Hosting
  • Web Servers
  • Storage Technology
  • Removable Backup Media
  • Servers
  • Broadband
  • Grid
  • OS / 2
  • Novell Netware
  • Unix Networking
  • Windows Networking
  • Security
  • Telecommunications
  • Operating Systems
  • Linux Networking
Other
  • Community Advisor
  • Lounge
  • Community Support
  • New Net Users
  • Philosophy / Religion
  • Math / Science
  • Miscellaneous
  • URLs
  • Expert Lounge
  • Politics
  • Puzzles / Riddles
Community Support
  • Suggestions
  • New to EE
  • New Topics
  • Community Advisor
  • CleanUp
  • Announcements
  • General
  • Feedback
  • Input
  • EE Bugs
 
05.08.2008 at 11:23AM PDT, ID: 21527150

Rank: Guru

tedbilly:
You could consider using 'Forms Authentication' mixed with AD authentication.  Then you could track the times yourself: http://www.codeproject.com/KB/aspnet/LDAP.aspx
 
05.08.2008 at 04:35PM PDT, ID: 21529355
whorsfall:
Hi,

Thanks for your answers. Can you clarifty the advantages of this method as using a Http module don't I also have the oppertunity to track it as I have to respond to the different events and can fail the authentication in one of the events within it. This would be done from the AuthenticateRequest event?

Also with the method you are suggesting how would I set up the web site's security. Nothing special and just assign the relevent AD security that matches the OU. Please elaborate a bit here.

Thanks for your response :)

Ward.
 
05.08.2008 at 04:44PM PDT, ID: 21529424

Rank: Guru

tedbilly:
With the 'Forms Authentication' it's simply easier to manage.  The files and folders that need to be secured are managed in the web.config file.

The example shows how to use the specific OU and configure the site security.  If you search the Microsoft site they have information as well.  It's very easy to control.
 
05.10.2008 at 01:37AM PDT, ID: 21538242
whorsfall:
Hi,

Thanks for your response. One other question, for the part of the disable the account will I be able to do a run as so the IUSER... account does not have to be an admin..

So runas (domain admin), then disable the account.

Thanks,

Ward.
 
05.10.2008 at 09:32AM PDT, ID: 21539562

Rank: Guru

tedbilly:
Why do you need to execute a 'Run As'?  I thought you need to disable website access after x days, not the AD account.  If you need to disable the AD account that is a totally different question and can be completed another way.
 
05.10.2008 at 02:26PM PDT, ID: 21540525
whorsfall:
tedbilly,

Sorry for the misunderstanding, no it is definatly the account that has to be disabled as opposed to the web site.  As there are numbers of users that will be accessing this. These are like trail accounts that are handed out and we only want them to access the site for 7 days after they initially log on.

Please forgive me if I was unclear.

Ward
 
 
20080206-EE-VQP-25 / EE_QW_2_20070628