Solved

Aspx Sql Table authenication

Posted on 2014-02-03
8
217 Views
Last Modified: 2014-05-22
Hello,
      Right now I have an IIS 7.5 server running a basic Windows Domain Aspx forms website. Right now I use the Web.config file to control access using a Domain Group. (Example 1) I want to change that over a MS SQL database.  Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)

What I have right now:
1)      I have is a SQL database table that has everyone’s “sAMAccountName” on the domain in it. (I have a VBS script that update it every night with user attributes)
2)      I have another Sql table what have will be used for access the Team portal.  This table will hold the names of the employees on the domain that can access this site. I’ll update this table from an Admin ASPX page.
a.	ID
b.	sAMAccountName
c.	TimeStamp

Open in new window

3)      I don’t want that users to have to enter any user name of password to log into the site. I want it to be automatic like it is now the the go to the link.

I don’t know if this makes any sense, but I’m not sure where to start or how to start googling for this.
Any ideas?
Example1
<configuration>
  <system.web>
    <authorization>
      <allow roles="DOMAIN\DomainSecurityGroup" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Open in new window

0
Comment
Question by:POOK-101
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832652
Code the onclick event of the link to make a lookup into the table you described in step 2, by user's name. If found, then redirect to the page with the access to the main table.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832663
...also (or instead of), code the same lookup in the onload event of the page with the main table. If lookup fails, don't show the table. This is to prevent the users from going to that page directly by typing its URL.
0
 

Author Comment

by:POOK-101
ID: 39832735
How do i apply that across all the pages and sub pages under folders? Do i have to make a lookup for each page?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832785
>  Do i have to make a lookup for each page?

Yes. In each page that shows the table. Or, you can perform this lookup only once in some start page, store results in a session cookie, and have each page that gives access to the table to check that cookie.

I don't understand something... You said that the reason you want this is because adding user to active directory takes too long. At the same time, you want to base giving the access on the "table will hold the names of the employees on the domain that can access this site." If the employee hasn't been yet enrolled in the domain, then how can you have their name in the table? How will the page know what employee's name to look up in your admin table with access rights?
0
 
LVL 28

Accepted Solution

by:
sammySeltzer earned 500 total points
ID: 39832786
Hi,

You are trying to get away from using Active Directory to authenticate users.

You also don't want users to have to enter username/password to access the website.

That tells me that all you would need to do then is create just one account with SQL Server Authentication mode.

Give it read or write or both permissions.

Then put that in your web.config file and that's it.

So, let's assume that you created an account called DomainSecurityGroup using SQL Server authentication mode.

Give it the same permission that you are currently giving to your Active Directory users.

Then reference that in web.config file like this:

    <add name="dbUsers" connectionString="Data Source=yourServerName;Initial Catalog=yourDBName;User ID=DomainSecurityGroup;Password=the Password Name" providerName="System.Data.SqlClient" />

dbUsers is the connection string that you will need to reference on your code:

 Dim connSt As String = ConfigurationManager.ConnectionStrings("DBUsers").ConnectionString

Open in new window


Whatever permission you give to DomainSecurityGroup will be inherited by all your users.

That's it unless I missed your question.

BTW: You grant permission to DomainSecurityGroup on your database, not on all the tables; just on the database and the tables will inherit that permission.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832799
@sammySeltzer, if I understand correctly, the author does not want to give access to all users, but only to those who are in the special table managed by admin.
0
 

Author Comment

by:POOK-101
ID: 39832916
Correct.

 So the page will look to who is connecting (get the AD user name), then check the SQL database to see if the have access.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39833120
But you said that all this was exactly to avoid waiting for the enrollment in AD? (Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)) Or is it that creating the user in AD is fast, but adding to the group is the problem? That would seem like more an organizational problem... that should have some easy organizational solution...

Regardless, this method, with separate table and lookups into it, makes sense anyways. If you implement access to the table only as permissions in SQL Server, then the pages will be accessing the table always, and those users who don't have permissions will be getting an error, which you will have to intercept in code in order to show some user-friendly message.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question