Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Aspx Sql Table authenication

Posted on 2014-02-03
8
Medium Priority
?
224 Views
Last Modified: 2014-05-22
Hello,
      Right now I have an IIS 7.5 server running a basic Windows Domain Aspx forms website. Right now I use the Web.config file to control access using a Domain Group. (Example 1) I want to change that over a MS SQL database.  Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)

What I have right now:
1)      I have is a SQL database table that has everyone’s “sAMAccountName” on the domain in it. (I have a VBS script that update it every night with user attributes)
2)      I have another Sql table what have will be used for access the Team portal.  This table will hold the names of the employees on the domain that can access this site. I’ll update this table from an Admin ASPX page.
a.	ID
b.	sAMAccountName
c.	TimeStamp

Open in new window

3)      I don’t want that users to have to enter any user name of password to log into the site. I want it to be automatic like it is now the the go to the link.

I don’t know if this makes any sense, but I’m not sure where to start or how to start googling for this.
Any ideas?
Example1
<configuration>
  <system.web>
    <authorization>
      <allow roles="DOMAIN\DomainSecurityGroup" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Open in new window

0
Comment
Question by:POOK-101
  • 5
  • 2
8 Comments
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832652
Code the onclick event of the link to make a lookup into the table you described in step 2, by user's name. If found, then redirect to the page with the access to the main table.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832663
...also (or instead of), code the same lookup in the onload event of the page with the main table. If lookup fails, don't show the table. This is to prevent the users from going to that page directly by typing its URL.
0
 

Author Comment

by:POOK-101
ID: 39832735
How do i apply that across all the pages and sub pages under folders? Do i have to make a lookup for each page?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832785
>  Do i have to make a lookup for each page?

Yes. In each page that shows the table. Or, you can perform this lookup only once in some start page, store results in a session cookie, and have each page that gives access to the table to check that cookie.

I don't understand something... You said that the reason you want this is because adding user to active directory takes too long. At the same time, you want to base giving the access on the "table will hold the names of the employees on the domain that can access this site." If the employee hasn't been yet enrolled in the domain, then how can you have their name in the table? How will the page know what employee's name to look up in your admin table with access rights?
0
 
LVL 29

Accepted Solution

by:
sammySeltzer earned 1500 total points
ID: 39832786
Hi,

You are trying to get away from using Active Directory to authenticate users.

You also don't want users to have to enter username/password to access the website.

That tells me that all you would need to do then is create just one account with SQL Server Authentication mode.

Give it read or write or both permissions.

Then put that in your web.config file and that's it.

So, let's assume that you created an account called DomainSecurityGroup using SQL Server authentication mode.

Give it the same permission that you are currently giving to your Active Directory users.

Then reference that in web.config file like this:

    <add name="dbUsers" connectionString="Data Source=yourServerName;Initial Catalog=yourDBName;User ID=DomainSecurityGroup;Password=the Password Name" providerName="System.Data.SqlClient" />

dbUsers is the connection string that you will need to reference on your code:

 Dim connSt As String = ConfigurationManager.ConnectionStrings("DBUsers").ConnectionString

Open in new window


Whatever permission you give to DomainSecurityGroup will be inherited by all your users.

That's it unless I missed your question.

BTW: You grant permission to DomainSecurityGroup on your database, not on all the tables; just on the database and the tables will inherit that permission.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832799
@sammySeltzer, if I understand correctly, the author does not want to give access to all users, but only to those who are in the special table managed by admin.
0
 

Author Comment

by:POOK-101
ID: 39832916
Correct.

 So the page will look to who is connecting (get the AD user name), then check the SQL database to see if the have access.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39833120
But you said that all this was exactly to avoid waiting for the enrollment in AD? (Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)) Or is it that creating the user in AD is fast, but adding to the group is the problem? That would seem like more an organizational problem... that should have some easy organizational solution...

Regardless, this method, with separate table and lookups into it, makes sense anyways. If you implement access to the table only as permissions in SQL Server, then the pages will be accessing the table always, and those users who don't have permissions will be getting an error, which you will have to intercept in code in order to show some user-friendly message.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
When trying to connect from SSMS v17.x to a SQL Server Integration Services 2016 instance or previous version, you get the error “Connecting to the Integration Services service on the computer failed with the following error: 'The specified service …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question