Solved

AD LDS for authentication to web application

Posted on 2012-04-11
4
1,083 Views
Last Modified: 2013-11-19
Hi there. The company I work for is looking at using AD LDS for authentication and permissions for 3 web applications we currently run.

The applications are very archaic and use  MS SQL to store all data as well as passwords.

I am new to web applications and permissions. Can someone give me some detail as to how I would use AD LDS for authentication and to restrict access depending on the permission level? I would also like to know if there is a way to have a single sign on using AD LDS for all three websites?

The websites will be redeveloped but currently we are simply looking to improve security. I am unsure as to how permissions are currently done.

By the way, the websites hold confidential information so security is a priority.

Thank you
0
Comment
Question by:mig1980
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Accepted Solution

by:
CmdoProg2 earned 500 total points
ID: 37851560
I assume that your are using group/roles for permissions and assigning users to them (AD groups to authorization roles).  You can divide your site with subdirectories that can be restricted by roles.  You can also use the AD Groups as a SQL login in to grant exec permission, etc within your SQL database.  

In your web.config,  you can restrict a directory and adjust your menu by enabling security trimming. This trimming only shows the pages the user is authorized.

    <siteMap defaultProvider="DfltSite" enabled="true">
      <providers>
        <add name="DfltSite" description="Defaut SiteMap provider." type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
....
  <location path="Supervisors">
    <system.web>
      <authorization>
        <allow roles="DomainName\GroupName"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Open in new window

0
 

Author Comment

by:mig1980
ID: 37853675
That's a great point to assign groups to subdirectories. I never thought about it that way. Is there any documentation that anyone knows of that can detail what I would need to do to setup this structure for my three websites? I am fairly new to this but am exploring it as an option unless someone can tell me of a better option for what i need done.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
A hard and fast method for reducing Active Directory Administrators members.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question