• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 993
  • Last Modified:

Pass-Through Authentication from Active Directory to ASP.Net

Hello,
I have an ASP.Net application using forms authentication against an SQL database which also provides roles and other privileges based upon the user ID.  We want to integrate the application with Active Directory to provide a single login to the user.  Then when the user attempts to access the ASP.Net application the user identity will be obtained from the network login, the SQL database queried to set roles (if they have an account with roles defined…otherwise redirect to page instructing them to request an account), set their session variables, and redirect them to the appropriate page.  Seems simple enough.

Here’s what I could use some assistance with:
1.  What security settings are required for IIS 6.0 to work with ASP.Net and this authentication method?  Remove “Anonymous Access” and use “Integrated Windows Authentication”?
2.  Is the authentication method in web.config now “Windows” rather than “Forms Authentication”?  If I’m getting the user identify from the network login all I need to do is get their roles from the database and set their session...as long as the session has not expired the user can access what their roles allow in the application.
3.  How can I best simulate a domain/AD environment on an XP development laptop?  Or do I just use windows authentication in XP as a “network like” login…in other words a different authentication approach in development versus production.  I do have remote access to a development system that is identical to production but only test what has been developed on the XP laptop.

My experience is data management and web applications and I have very little experience or knowledge with server configurations or active directory.  Any input, code examples, links, would be appreciated.  Thanks!
0
heathde
Asked:
heathde
  • 3
  • 2
2 Solutions
 
guru_samiCommented:
-->We want to integrate the application with Active Directory to provide a single login to the user.
So now do you want to move completely to Windows authentication or part of your users will still use SQL Login?
If just Windows, yes you need to set Mode="Windows" in the web.config and set Intergrated Windows with no anonymous access.
If both then you will need a bit of work.
for Roles this might be helpful:
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
0
 
heathdeAuthor Commented:
The SQL database will still be used for roles and other user privileges within the application.  All we need to do is get the authenticated user id from the Network login and query the database for roles and set the session variables.
0
 
HairbrushCommented:
If your development laptop running XP is not part of an Active Directory domain, you can still test as if it were by creating local users and groups (go to control panel, click "Administrative Tools" and select "Computer Management" then "Local Users and Groups".

Your "domain" will be your computer name.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
guru_samiCommented:
-->All we need to do is get the authenticated user id from the Network login and query the database for roles
Ok then the link provided should help you. Did you try that?
0
 
heathdeAuthor Commented:
guru_sami,
I'm actually reviewing that article and related links right now...
0
 
heathdeAuthor Commented:
Thanks for your responses...both replies provided direction for a solution.  We've decided on a hybrid model using AD authentication, denying anonymous users in IIS, then querying our account database for roles based upon the authenticated user id, and finally issuing a forms authentication ticket if an account exists.  Thanks!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now