Solved

Aspx Sql Table authenication

Posted on 2014-02-03
8
212 Views
Last Modified: 2014-05-22
Hello,
      Right now I have an IIS 7.5 server running a basic Windows Domain Aspx forms website. Right now I use the Web.config file to control access using a Domain Group. (Example 1) I want to change that over a MS SQL database.  Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)

What I have right now:
1)      I have is a SQL database table that has everyone’s “sAMAccountName” on the domain in it. (I have a VBS script that update it every night with user attributes)
2)      I have another Sql table what have will be used for access the Team portal.  This table will hold the names of the employees on the domain that can access this site. I’ll update this table from an Admin ASPX page.
a.	ID
b.	sAMAccountName
c.	TimeStamp

Open in new window

3)      I don’t want that users to have to enter any user name of password to log into the site. I want it to be automatic like it is now the the go to the link.

I don’t know if this makes any sense, but I’m not sure where to start or how to start googling for this.
Any ideas?
Example1
<configuration>
  <system.web>
    <authorization>
      <allow roles="DOMAIN\DomainSecurityGroup" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Open in new window

0
Comment
Question by:POOK-101
  • 5
  • 2
8 Comments
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832652
Code the onclick event of the link to make a lookup into the table you described in step 2, by user's name. If found, then redirect to the page with the access to the main table.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832663
...also (or instead of), code the same lookup in the onload event of the page with the main table. If lookup fails, don't show the table. This is to prevent the users from going to that page directly by typing its URL.
0
 

Author Comment

by:POOK-101
ID: 39832735
How do i apply that across all the pages and sub pages under folders? Do i have to make a lookup for each page?
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832785
>  Do i have to make a lookup for each page?

Yes. In each page that shows the table. Or, you can perform this lookup only once in some start page, store results in a session cookie, and have each page that gives access to the table to check that cookie.

I don't understand something... You said that the reason you want this is because adding user to active directory takes too long. At the same time, you want to base giving the access on the "table will hold the names of the employees on the domain that can access this site." If the employee hasn't been yet enrolled in the domain, then how can you have their name in the table? How will the page know what employee's name to look up in your admin table with access rights?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 28

Accepted Solution

by:
sammySeltzer earned 500 total points
ID: 39832786
Hi,

You are trying to get away from using Active Directory to authenticate users.

You also don't want users to have to enter username/password to access the website.

That tells me that all you would need to do then is create just one account with SQL Server Authentication mode.

Give it read or write or both permissions.

Then put that in your web.config file and that's it.

So, let's assume that you created an account called DomainSecurityGroup using SQL Server authentication mode.

Give it the same permission that you are currently giving to your Active Directory users.

Then reference that in web.config file like this:

    <add name="dbUsers" connectionString="Data Source=yourServerName;Initial Catalog=yourDBName;User ID=DomainSecurityGroup;Password=the Password Name" providerName="System.Data.SqlClient" />

dbUsers is the connection string that you will need to reference on your code:

 Dim connSt As String = ConfigurationManager.ConnectionStrings("DBUsers").ConnectionString

Open in new window


Whatever permission you give to DomainSecurityGroup will be inherited by all your users.

That's it unless I missed your question.

BTW: You grant permission to DomainSecurityGroup on your database, not on all the tables; just on the database and the tables will inherit that permission.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39832799
@sammySeltzer, if I understand correctly, the author does not want to give access to all users, but only to those who are in the special table managed by admin.
0
 

Author Comment

by:POOK-101
ID: 39832916
Correct.

 So the page will look to who is connecting (get the AD user name), then check the SQL database to see if the have access.
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39833120
But you said that all this was exactly to avoid waiting for the enrollment in AD? (Why…? Since getting users added to the Active Directory Domain group takes why too long in our environment. (bla, bla, paperwork)) Or is it that creating the user in AD is fast, but adding to the group is the problem? That would seem like more an organizational problem... that should have some easy organizational solution...

Regardless, this method, with separate table and lookups into it, makes sense anyways. If you implement access to the table only as permissions in SQL Server, then the pages will be accessing the table always, and those users who don't have permissions will be getting an error, which you will have to intercept in code in order to show some user-friendly message.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now