?
Solved

AD LDS for authentication to web application

Posted on 2012-04-11
4
Medium Priority
?
1,087 Views
Last Modified: 2013-11-19
Hi there. The company I work for is looking at using AD LDS for authentication and permissions for 3 web applications we currently run.

The applications are very archaic and use  MS SQL to store all data as well as passwords.

I am new to web applications and permissions. Can someone give me some detail as to how I would use AD LDS for authentication and to restrict access depending on the permission level? I would also like to know if there is a way to have a single sign on using AD LDS for all three websites?

The websites will be redeveloped but currently we are simply looking to improve security. I am unsure as to how permissions are currently done.

By the way, the websites hold confidential information so security is a priority.

Thank you
0
Comment
Question by:mig1980
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Accepted Solution

by:
CmdoProg2 earned 2000 total points
ID: 37851560
I assume that your are using group/roles for permissions and assigning users to them (AD groups to authorization roles).  You can divide your site with subdirectories that can be restricted by roles.  You can also use the AD Groups as a SQL login in to grant exec permission, etc within your SQL database.  

In your web.config,  you can restrict a directory and adjust your menu by enabling security trimming. This trimming only shows the pages the user is authorized.

    <siteMap defaultProvider="DfltSite" enabled="true">
      <providers>
        <add name="DfltSite" description="Defaut SiteMap provider." type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
....
  <location path="Supervisors">
    <system.web>
      <authorization>
        <allow roles="DomainName\GroupName"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Open in new window

0
 

Author Comment

by:mig1980
ID: 37853675
That's a great point to assign groups to subdirectories. I never thought about it that way. Is there any documentation that anyone knows of that can detail what I would need to do to setup this structure for my three websites? I am fairly new to this but am exploring it as an option unless someone can tell me of a better option for what i need done.
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question