prairieits
asked on
Shared PC Authentication
I work in an environment where some employees have traditional offices and their own PCs while other employees share a computer that is logged on with a non-user-specific Active Directory account. My problem is that I need a best-practice scenario on how I should be authenticating any ASP.NET apps I write.
Options as I see them are:
1. Bite the bullet and give every user their own logon, put them in security groups and use Windows Integrated Security.
Pros - Highest level of granular security.
Cons - Shared PC areas have higher turnover so this will generate more work for the systems people to create accounts. Users would have to remember their password for applications and the generic username/password to login to the machine.
2. Use a SQL Server Table to "roll my own" forms based security.
Cons - More development time in checking each page for a logged in variable and then redirecting to a login page if none exists. Un/Pw passed in clear text of query.
Pros - Database is already created and populated (previous app. developer did it)
Again, my base question is, "Given the scenario of some people with their own PCs (and usernames) as well as some people with shared PCs (and shared usernames), what would be the best way to secure any new applications?"
Thanks,
Jerod
ASKER
I knew about forms based, but I thought that required me to write logic to check/secure each page. I guess I need to go read about it some. :)
Thanks for the tip,
Jerod
Nope, it can all be configured in web.config, on a page/directory basis. The only thing it doesn't allow for is differing levels of access to the same page; that is up to you at that point, though this would be true of Windows authentication as well.
--Michael
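The page/directory configuration described in the reply above, as an added example that is not part of the original thread: a web.config that turns on forms authentication, denies anonymous users site-wide, and then overrides the rule for one directory and one page. The paths (`Login.aspx`, `Reports/Admin`, `Help.aspx`) and the `Management` role are assumptions, and `allow roles` only takes effect if the application supplies role membership for the authenticated user (for example through a role provider).

```xml
<!-- Added example, not from the thread. Paths and the role name are assumptions. -->
<configuration>
  <system.web>
    <!-- Forms authentication: unauthenticated requests are redirected to loginUrl.
         requireSSL keeps the auth cookie off plain HTTP; protection="All"
         encrypts and validates the ticket. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             requireSSL="true"
             protection="All"
             timeout="30"
             slidingExpiration="true" />
    </authentication>

    <!-- Site-wide default: "?" means anonymous users, so every page
         requires a login without any per-page check in code. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Directory-level rule: only members of the (assumed) Management role.
       Rules are evaluated top to bottom, so the allow must precede deny *. -->
  <location path="Reports/Admin">
    <system.web>
      <authorization>
        <allow roles="Management" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Page-level rule: a single page left open to everyone. -->
  <location path="Help.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

These rules decide who can request a page or directory; showing or hiding a control within one page is still handled in the page's own code, as the reply says.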
ASKER
That said, let's say I have a page on which I only want to show the button for "Administrative Reports" to people in the "Management" AD group. Would I need to set a session variable at the point of their initial authentication that I would check to see if that authenticated user has enough security to see the button? (i.e., session variable "admin" is set to 1 for true, 0 for false)
Thanks,
Jerod
ASKER CERTIFIED SOLUTION
ASKER
Awesome info. Thanks so much for your help!
I haven't implemented your suggestions yet (obviously), but I understand the concepts so I will close this out and go give it heck. :)
Thanks,
Jerod
I hope you find that it works well; I've never had a problem with the strategy.
--Michael