?
Solved

Pass-Through Authentication from Active Directory to ASP.Net

Posted on 2010-08-17
6
Medium Priority
?
981 Views
Last Modified: 2012-05-10
Hello,
I have an ASP.Net application using forms authentication against an SQL database which also provides roles and other privileges based upon the user ID.  We want to integrate the application with Active Directory to provide a single login to the user.  Then when the user attempts to access the ASP.Net application the user identity will be obtained from the network login, the SQL database queried to set roles (if they have an account with roles defined…otherwise redirect to page instructing them to request an account), set their session variables, and redirect them to the appropriate page.  Seems simple enough.

Here’s what I could use some assistance with:
1.  What security settings are required for IIS 6.0 to work with ASP.Net and this authentication method?  Remove “Anonymous Access” and use “Integrated Windows Authentication”?
2.  Is the authentication method in web.config now “Windows” rather than “Forms Authentication”?  If I’m getting the user identify from the network login all I need to do is get their roles from the database and set their session...as long as the session has not expired the user can access what their roles allow in the application.
3.  How can I best simulate a domain/AD environment on an XP development laptop?  Or do I just use windows authentication in XP as a “network like” login…in other words a different authentication approach in development versus production.  I do have remote access to a development system that is identical to production but only test what has been developed on the XP laptop.

My experience is data management and web applications and I have very little experience or knowledge with server configurations or active directory.  Any input, code examples, links, would be appreciated.  Thanks!
0
Comment
Question by:heathde
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 41

Accepted Solution

by:
guru_sami earned 189 total points
ID: 33460194
-->We want to integrate the application with Active Directory to provide a single login to the user.
So now do you want to move completely to Windows authentication or part of your users will still use SQL Login?
If just Windows, yes you need to set Mode="Windows" in the web.config and set Intergrated Windows with no anonymous access.
If both then you will need a bit of work.
for Roles this might be helpful:
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
0
 

Author Comment

by:heathde
ID: 33460969
The SQL database will still be used for roles and other user privileges within the application.  All we need to do is get the authenticated user id from the Network login and query the database for roles and set the session variables.
0
 
LVL 12

Assisted Solution

by:Hairbrush
Hairbrush earned 186 total points
ID: 33462850
If your development laptop running XP is not part of an Active Directory domain, you can still test as if it were by creating local users and groups (go to control panel, click "Administrative Tools" and select "Computer Management" then "Local Users and Groups".

Your "domain" will be your computer name.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 41

Expert Comment

by:guru_sami
ID: 33465620
-->All we need to do is get the authenticated user id from the Network login and query the database for roles
Ok then the link provided should help you. Did you try that?
0
 

Author Comment

by:heathde
ID: 33465649
guru_sami,
I'm actually reviewing that article and related links right now...
0
 

Author Closing Comment

by:heathde
ID: 33485024
Thanks for your responses...both replies provided direction for a solution.  We've decided on a hybrid model using AD authentication, denying anonymous users in IIS, then querying our account database for roles based upon the authenticated user id, and finally issuing a forms authentication ticket if an account exists.  Thanks!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question