Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Aspx Sql Table authenication

Posted on 2014-02-03
8
216 Views
Last Modified: 2014-05-22
Hello,
      Right now I have an IIS 7.5 server running a basic Windows Domain Aspx forms website. Right now I use the Web.config file to control access using a Domain Group. (Example 1) I want to change that over a MS SQL database.  Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)

What I have right now:
1)      I have is a SQL database table that has everyone’s “sAMAccountName” on the domain in it. (I have a VBS script that update it every night with user attributes)
2)      I have another Sql table what have will be used for access the Team portal.  This table will hold the names of the employees on the domain that can access this site. I’ll update this table from an Admin ASPX page.
a.	ID
b.	sAMAccountName
c.	TimeStamp

Open in new window

3)      I don’t want that users to have to enter any user name of password to log into the site. I want it to be automatic like it is now the the go to the link.

I don’t know if this makes any sense, but I’m not sure where to start or how to start googling for this.
Any ideas?
Example1
<configuration>
  <system.web>
    <authorization>
      <allow roles="DOMAIN\DomainSecurityGroup" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Open in new window

0
Comment
Question by:POOK-101
  • 5
  • 2
8 Comments
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832652
Code the onclick event of the link to make a lookup into the table you described in step 2, by user's name. If found, then redirect to the page with the access to the main table.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832663
...also (or instead of), code the same lookup in the onload event of the page with the main table. If lookup fails, don't show the table. This is to prevent the users from going to that page directly by typing its URL.
0
 

Author Comment

by:POOK-101
ID: 39832735
How do i apply that across all the pages and sub pages under folders? Do i have to make a lookup for each page?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832785
>  Do i have to make a lookup for each page?

Yes. In each page that shows the table. Or, you can perform this lookup only once in some start page, store results in a session cookie, and have each page that gives access to the table to check that cookie.

I don't understand something... You said that the reason you want this is because adding user to active directory takes too long. At the same time, you want to base giving the access on the "table will hold the names of the employees on the domain that can access this site." If the employee hasn't been yet enrolled in the domain, then how can you have their name in the table? How will the page know what employee's name to look up in your admin table with access rights?
0
 
LVL 28

Accepted Solution

by:
sammySeltzer earned 500 total points
ID: 39832786
Hi,

You are trying to get away from using Active Directory to authenticate users.

You also don't want users to have to enter username/password to access the website.

That tells me that all you would need to do then is create just one account with SQL Server Authentication mode.

Give it read or write or both permissions.

Then put that in your web.config file and that's it.

So, let's assume that you created an account called DomainSecurityGroup using SQL Server authentication mode.

Give it the same permission that you are currently giving to your Active Directory users.

Then reference that in web.config file like this:

    <add name="dbUsers" connectionString="Data Source=yourServerName;Initial Catalog=yourDBName;User ID=DomainSecurityGroup;Password=the Password Name" providerName="System.Data.SqlClient" />

dbUsers is the connection string that you will need to reference on your code:

 Dim connSt As String = ConfigurationManager.ConnectionStrings("DBUsers").ConnectionString

Open in new window


Whatever permission you give to DomainSecurityGroup will be inherited by all your users.

That's it unless I missed your question.

BTW: You grant permission to DomainSecurityGroup on your database, not on all the tables; just on the database and the tables will inherit that permission.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832799
@sammySeltzer, if I understand correctly, the author does not want to give access to all users, but only to those who are in the special table managed by admin.
0
 

Author Comment

by:POOK-101
ID: 39832916
Correct.

 So the page will look to who is connecting (get the AD user name), then check the SQL database to see if the have access.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39833120
But you said that all this was exactly to avoid waiting for the enrollment in AD? (Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)) Or is it that creating the user in AD is fast, but adding to the group is the problem? That would seem like more an organizational problem... that should have some easy organizational solution...

Regardless, this method, with separate table and lookups into it, makes sense anyways. If you implement access to the table only as permissions in SQL Server, then the pages will be accessing the table always, and those users who don't have permissions will be getting an error, which you will have to intercept in code in order to show some user-friendly message.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question