Solved

Pass-Through Authentication from Active Directory to ASP.Net

Posted on 2010-08-17
Last Modified: 2012-05-10
Hello,
I have an ASP.Net application using forms authentication against an SQL database which also provides roles and other privileges based upon the user ID.  We want to integrate the application with Active Directory to provide a single login to the user.  Then when the user attempts to access the ASP.Net application the user identity will be obtained from the network login, the SQL database queried to set roles (if they have an account with roles defined…otherwise redirect to page instructing them to request an account), set their session variables, and redirect them to the appropriate page.  Seems simple enough.

Here’s what I could use some assistance with:
1.  What security settings are required for IIS 6.0 to work with ASP.Net and this authentication method?  Remove “Anonymous Access” and use “Integrated Windows Authentication”?
2.  Is the authentication method in web.config now “Windows” rather than “Forms Authentication”?  If I’m getting the user identity from the network login all I need to do is get their roles from the database and set their session...as long as the session has not expired the user can access what their roles allow in the application.
3.  How can I best simulate a domain/AD environment on an XP development laptop?  Or do I just use windows authentication in XP as a “network like” login…in other words a different authentication approach in development versus production.  I do have remote access to a development system that is identical to production but only test what has been developed on the XP laptop.

My experience is data management and web applications and I have very little experience or knowledge with server configurations or active directory.  Any input, code examples, links, would be appreciated.  Thanks!
Question by:heathde
6 Comments
 
LVL 41

Accepted Solution

by:
guru_sami earned 63 total points
ID: 33460194
-->We want to integrate the application with Active Directory to provide a single login to the user.
So now do you want to move completely to Windows authentication or part of your users will still use SQL Login?
If just Windows, yes you need to set Mode="Windows" in the web.config and set Integrated Windows with no anonymous access.
If both then you will need a bit of work.
for Roles this might be helpful:
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
 

Author Comment

by:heathde
ID: 33460969
The SQL database will still be used for roles and other user privileges within the application.  All we need to do is get the authenticated user id from the Network login and query the database for roles and set the session variables.
 
LVL 12

Assisted Solution

by:Hairbrush
Hairbrush earned 62 total points
ID: 33462850
If your development laptop running XP is not part of an Active Directory domain, you can still test as if it were by creating local users and groups (go to control panel, click "Administrative Tools" and select "Computer Management" then "Local Users and Groups").

Your "domain" will be your computer name.
 
LVL 41

Expert Comment

by:guru_sami
ID: 33465620
-->All we need to do is get the authenticated user id from the Network login and query the database for roles
Ok then the link provided should help you. Did you try that?
 

Author Comment

by:heathde
ID: 33465649
guru_sami,
I'm actually reviewing that article and related links right now...
 

Author Closing Comment

by:heathde
ID: 33485024
Thanks for your responses...both replies provided direction for a solution.  We've decided on a hybrid model using AD authentication, denying anonymous users in IIS, then querying our account database for roles based upon the authenticated user id, and finally issuing a forms authentication ticket if an account exists.  Thanks!