AD LDS for authentication to web application

Posted on 2012-04-11
Last Modified: 2013-11-19
Hi there. The company I work for is looking at using AD LDS for authentication and permissions for 3 web applications we currently run.

The applications are very archaic and use MS SQL to store all data as well as passwords.

I am new to web applications and permissions. Can someone give me some detail as to how I would use AD LDS for authentication and to restrict access depending on the permission level? I would also like to know if there is a way to have a single sign-on using AD LDS for all three websites?

The websites will be redeveloped but currently we are simply looking to improve security. I am unsure as to how permissions are currently done.

By the way, the websites hold confidential information so security is a priority.

Thank you
Question by:mig1980
Accepted Solution

by:
CmdoProg2 earned 2000 total points
ID: 37851560
I assume that you are using group/roles for permissions and assigning users to them (AD groups to authorization roles). You can divide your site with subdirectories that can be restricted by roles. You can also use the AD groups as a SQL login to grant exec permission, etc. within your SQL database.

In your web.config, you can restrict a directory and adjust your menu by enabling security trimming. This trimming only shows the pages the user is authorized for.

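    <!-- Inside <system.web>: trim the site map to pages the user's roles allow,
         and resolve roles from the Windows token (AD group membership). -->
    <siteMap defaultProvider="DfltSite" enabled="true">
      <providers>
        <add name="DfltSite" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
    <!-- ... -->
    <!-- Directly under <configuration>: only the named group may reach /Supervisors. -->
    <location path="Supervisors">
      <system.web>
        <authorization>
          <!-- Rules are evaluated top-down; the first match wins. -->
          <allow roles="DomainName\GroupName"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>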

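An added example, not part of the original answer: a small Python model of how ASP.NET evaluates the `<allow>`/`<deny>` rules in a `<location>` block like the one above, showing why the trailing `<deny users="*"/>` and the rule order matter. The `Reports` and `Admin` locations, the user names and the helper functions are constructed for illustration; the model assumes the inherited default rule is `<allow users="*"/>` and ignores the `verbs` attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample. "Supervisors" copies the rule from the answer above;
# "Reports" omits the trailing deny; "Admin" puts the deny first.
WEB_CONFIG = r"""<configuration>
  <location path="Supervisors"><system.web><authorization>
    <allow roles="DomainName\GroupName"/>
    <deny users="*"/>
  </authorization></system.web></location>
  <location path="Reports"><system.web><authorization>
    <allow roles="DomainName\GroupName"/>
  </authorization></system.web></location>
  <location path="Admin"><system.web><authorization>
    <deny users="*"/>
    <allow roles="DomainName\GroupName"/>
  </authorization></system.web></location>
</configuration>"""

def _names(rule, attr):
    """Comma-separated attribute value as a lower-cased list."""
    return [v.strip().lower() for v in rule.get(attr, "").split(",") if v.strip()]

def _matches(rule, user, roles):
    """True if an <allow>/<deny> element applies to this principal.
    user=None models an anonymous request; the verbs attribute is ignored."""
    users = _names(rule, "users")
    if "*" in users or (user is None and "?" in users):
        return True
    if user is not None and user.lower() in users:
        return True
    return any(r.lower() in _names(rule, "roles") for r in roles)

def is_allowed(config_xml, path, user, roles=()):
    """Walk the rules for one <location> top-down; the first match decides."""
    for loc in ET.fromstring(config_xml).findall("location"):
        if loc.get("path") != path:
            continue
        for auth in loc.iter("authorization"):
            for rule in auth:
                if rule.tag in ("allow", "deny") and _matches(rule, user, roles):
                    return rule.tag == "allow"
    # No rule matched: assume the inherited default <allow users="*"/>.
    return True

if __name__ == "__main__":
    group = [r"DomainName\GroupName"]
    for path in ("Supervisors", "Reports", "Admin"):
        print(path, "member:", is_allowed(WEB_CONFIG, path, "alice", group),
              "non-member:", is_allowed(WEB_CONFIG, path, "bob"))
```

In this model a non-member reaches `Reports` because no rule matches and the inherited allow applies, while `Admin` locks out even group members because the deny is read first.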
 

Author Comment

by:mig1980
ID: 37853675
That's a great point to assign groups to subdirectories. I never thought about it that way. Is there any documentation that anyone knows of that can detail what I would need to do to set up this structure for my three websites? I am fairly new to this but am exploring it as an option unless someone can tell me of a better option for what I need done.