Solved

Aspx Sql Table authentication

Posted on 2014-02-03
Last Modified: 2014-05-22
Hello,
Right now I have an IIS 7.5 server running a basic Windows Domain ASPX forms website. Right now I use the Web.config file to control access using a Domain Group (Example 1). I want to change that over to a MS SQL database. Why…? Since getting users added to the Active Directory Domain group takes way too long in our environment. (bla, bla, paperwork)

What I have right now:
1)      I have a SQL database table that has everyone’s “sAMAccountName” on the domain in it. (I have a VBS script that updates it every night with user attributes.)
2)      I have another SQL table that will be used for access to the Team portal. This table will hold the names of the employees on the domain that can access this site. I’ll update this table from an Admin ASPX page.
a.	ID
b.	sAMAccountName
c.	TimeStamp


3)      I don’t want the users to have to enter any user name or password to log into the site. I want it to be automatic, like it is now when they go to the link.

I don’t know if this makes any sense, but I’m not sure where to start or how to start googling for this.
Any ideas?
Example 1
<configuration>
  <system.web>
    <authorization>
      <allow roles="DOMAIN\DomainSecurityGroup" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>


0
Comment
Question by:POOK-101
8 Comments
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832652
Code the onclick event of the link to make a lookup into the table you described in step 2, by user's name. If found, then redirect to the page with the access to the main table.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832663
...also (or instead of), code the same lookup in the onload event of the page with the main table. If lookup fails, don't show the table. This is to prevent the users from going to that page directly by typing its URL.
0
 

Author Comment

by:POOK-101
ID: 39832735
How do I apply that across all the pages and subpages under folders? Do I have to make a lookup for each page?
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832785
> Do I have to make a lookup for each page?

Yes. In each page that shows the table. Or, you can perform this lookup only once in some start page, store the results in a session cookie, and have each page that gives access to the table check that cookie.

I don't understand something... You said that the reason you want this is because adding a user to Active Directory takes too long. At the same time, you want to base giving the access on the "table will hold the names of the employees on the domain that can access this site." If the employee hasn't yet been enrolled in the domain, then how can you have their name in the table? How will the page know what employee's name to look up in your admin table with access rights?
0
 
LVL 28

Accepted Solution

by:
sammySeltzer earned 500 total points
ID: 39832786
Hi,

You are trying to get away from using Active Directory to authenticate users.

You also don't want users to have to enter username/password to access the website.

That tells me that all you would need to do then is create just one account with SQL Server Authentication mode.

Give it read or write or both permissions.

Then put that in your web.config file and that's it.

So, let's assume that you created an account called DomainSecurityGroup using SQL Server authentication mode.

Give it the same permission that you are currently giving to your Active Directory users.

Then reference that in web.config file like this:

    <add name="dbUsers" connectionString="Data Source=yourServerName;Initial Catalog=yourDBName;User ID=DomainSecurityGroup;Password=the Password Name" providerName="System.Data.SqlClient" />

dbUsers is the connection string that you will need to reference in your code:

 Dim connSt As String = ConfigurationManager.ConnectionStrings("dbUsers").ConnectionString


Whatever permission you give to DomainSecurityGroup will be inherited by all your users.

That's it unless I missed your question.

BTW: You grant permission to DomainSecurityGroup on your database, not on all the tables; just on the database and the tables will inherit that permission.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832799
@sammySeltzer, if I understand correctly, the author does not want to give access to all users, but only to those who are in the special table managed by admin.
0
 

Author Comment

by:POOK-101
ID: 39832916
Correct.

So the page will look at who is connecting (get the AD user name), then check the SQL database to see if they have access.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39833120
But you said that all this was exactly to avoid waiting for the enrollment in AD? (Why…? Since getting users added to the Active Directory Domain group takes way too long in our environment. (bla, bla, paperwork)) Or is it that creating the user in AD is fast, but adding to the group is the problem? That would seem like more an organizational problem... that should have some easy organizational solution...

Regardless, this method, with separate table and lookups into it, makes sense anyways. If you implement access to the table only as permissions in SQL Server, then the pages will be accessing the table always, and those users who don't have permissions will be getting an error, which you will have to intercept in code in order to show some user-friendly message.
0
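The lookup discussed in this thread, written once for the whole site instead of once per page (an added example, not code from any of the posters). It goes beyond the per-page approach by hooking `Application_AuthorizeRequest` in Global.asax.vb; the table name `dbo.PortalAccess` and the 5-minute server-side cache are assumptions, while `sAMAccountName` and the `dbUsers` connection string name come from the posts above.

```vbnet
Imports System
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web

Public Class Global_asax
    Inherits HttpApplication

    ' Fires for every request after Windows authentication has run, so pages
    ' in every subfolder are covered without repeating the lookup per page.
    Protected Sub Application_AuthorizeRequest(ByVal sender As Object, ByVal e As EventArgs)
        If Context.User Is Nothing OrElse Not Context.User.Identity.IsAuthenticated Then
            Deny(401) ' no Windows identity: let IIS/browser negotiate credentials
            Return
        End If
        ' Identity.Name is "DOMAIN\account"; the access table stores the account part.
        Dim account As String = Context.User.Identity.Name
        Dim slash As Integer = account.IndexOf("\"c)
        If slash >= 0 Then account = account.Substring(slash + 1)
        If Not IsAllowed(account) Then Deny(403)
    End Sub

    Private Function IsAllowed(ByVal account As String) As Boolean
        ' The decision is cached on the server, never in a client-side cookie,
        ' so a user cannot edit their own access flag.
        Dim cacheKey As String = "portal-access:" & account.ToLowerInvariant()
        Dim cached As Object = Context.Cache(cacheKey)
        If cached IsNot Nothing Then Return CBool(cached)

        Dim connSt As String = ConfigurationManager.ConnectionStrings("dbUsers").ConnectionString
        Dim allowed As Boolean
        ' dbo.PortalAccess is a hypothetical name for the access table (ID, sAMAccountName, TimeStamp).
        Using conn As New SqlConnection(connSt),
              cmd As New SqlCommand("SELECT COUNT(*) FROM dbo.PortalAccess WHERE sAMAccountName = @account", conn)
            ' Parameterized: the user name is never concatenated into the SQL text.
            cmd.Parameters.Add("@account", SqlDbType.NVarChar, 256).Value = account
            conn.Open()
            allowed = CInt(cmd.ExecuteScalar()) > 0
        End Using
        ' Assumed 5-minute lifetime: a removed user loses access within that window.
        Context.Cache.Insert(cacheKey, allowed, Nothing, DateTime.UtcNow.AddMinutes(5),
                             System.Web.Caching.Cache.NoSlidingExpiration)
        Return allowed
    End Function

    Private Sub Deny(ByVal status As Integer)
        Response.StatusCode = status
        CompleteRequest() ' skip the page handler and go straight to EndRequest
    End Sub
End Class
```

This relies on Windows authentication staying enabled with anonymous access denied (`<deny users="?" />` in place of the group rule in Example 1), so `Identity.Name` is always the caller's domain account. The account behind the connection string only needs SELECT on the access table for this check.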
