Solved

AD LDS for authentication to web application

Posted on 2012-04-11
4
1,085 Views
Last Modified: 2013-11-19
Hi there. The company I work for is looking at using AD LDS for authentication and permissions for 3 web applications we currently run.

The applications are very archaic and use  MS SQL to store all data as well as passwords.

I am new to web applications and permissions. Can someone give me some detail as to how I would use AD LDS for authentication and to restrict access depending on the permission level? I would also like to know if there is a way to have a single sign on using AD LDS for all three websites?

The websites will be redeveloped but currently we are simply looking to improve security. I am unsure as to how permissions are currently done.

By the way, the websites hold confidential information so security is a priority.

Thank you
0
Comment
Question by:mig1980
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Accepted Solution

by:
CmdoProg2 earned 500 total points
ID: 37851560
I assume that your are using group/roles for permissions and assigning users to them (AD groups to authorization roles).  You can divide your site with subdirectories that can be restricted by roles.  You can also use the AD Groups as a SQL login in to grant exec permission, etc within your SQL database.  

In your web.config,  you can restrict a directory and adjust your menu by enabling security trimming. This trimming only shows the pages the user is authorized.

    <siteMap defaultProvider="DfltSite" enabled="true">
      <providers>
        <add name="DfltSite" description="Defaut SiteMap provider." type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
....
  <location path="Supervisors">
    <system.web>
      <authorization>
        <allow roles="DomainName\GroupName"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Open in new window

0
 

Author Comment

by:mig1980
ID: 37853675
That's a great point to assign groups to subdirectories. I never thought about it that way. Is there any documentation that anyone knows of that can detail what I would need to do to setup this structure for my three websites? I am fairly new to this but am exploring it as an option unless someone can tell me of a better option for what i need done.
0

Featured Post

Quiz: What Do These Organizations Have In Common?

Hint: Their teams ended up taking quizzes, too.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question