Solved

Pass-Through Authentication from Active Directory to ASP.Net

Posted on 2010-08-17
6
967 Views
Last Modified: 2012-05-10
Hello,
I have an ASP.Net application using forms authentication against an SQL database which also provides roles and other privileges based upon the user ID.  We want to integrate the application with Active Directory to provide a single login to the user.  Then when the user attempts to access the ASP.Net application the user identity will be obtained from the network login, the SQL database queried to set roles (if they have an account with roles defined…otherwise redirect to page instructing them to request an account), set their session variables, and redirect them to the appropriate page.  Seems simple enough.

Here’s what I could use some assistance with:
1.  What security settings are required for IIS 6.0 to work with ASP.Net and this authentication method?  Remove “Anonymous Access” and use “Integrated Windows Authentication”?
2.  Is the authentication method in web.config now “Windows” rather than “Forms Authentication”?  If I’m getting the user identify from the network login all I need to do is get their roles from the database and set their session...as long as the session has not expired the user can access what their roles allow in the application.
3.  How can I best simulate a domain/AD environment on an XP development laptop?  Or do I just use windows authentication in XP as a “network like” login…in other words a different authentication approach in development versus production.  I do have remote access to a development system that is identical to production but only test what has been developed on the XP laptop.

My experience is data management and web applications and I have very little experience or knowledge with server configurations or active directory.  Any input, code examples, links, would be appreciated.  Thanks!
0
Comment
Question by:heathde
  • 3
  • 2
6 Comments
 
LVL 41

Accepted Solution

by:
guru_sami earned 63 total points
Comment Utility
-->We want to integrate the application with Active Directory to provide a single login to the user.
So now do you want to move completely to Windows authentication or part of your users will still use SQL Login?
If just Windows, yes you need to set Mode="Windows" in the web.config and set Intergrated Windows with no anonymous access.
If both then you will need a bit of work.
for Roles this might be helpful:
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
0
 

Author Comment

by:heathde
Comment Utility
The SQL database will still be used for roles and other user privileges within the application.  All we need to do is get the authenticated user id from the Network login and query the database for roles and set the session variables.
0
 
LVL 12

Assisted Solution

by:Hairbrush
Hairbrush earned 62 total points
Comment Utility
If your development laptop running XP is not part of an Active Directory domain, you can still test as if it were by creating local users and groups (go to control panel, click "Administrative Tools" and select "Computer Management" then "Local Users and Groups".

Your "domain" will be your computer name.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 41

Expert Comment

by:guru_sami
Comment Utility
-->All we need to do is get the authenticated user id from the Network login and query the database for roles
Ok then the link provided should help you. Did you try that?
0
 

Author Comment

by:heathde
Comment Utility
guru_sami,
I'm actually reviewing that article and related links right now...
0
 

Author Closing Comment

by:heathde
Comment Utility
Thanks for your responses...both replies provided direction for a solution.  We've decided on a hybrid model using AD authentication, denying anonymous users in IIS, then querying our account database for roles based upon the authenticated user id, and finally issuing a forms authentication ticket if an account exists.  Thanks!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now