Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   What is best practice: Combining anonymous logon with windows logon? (http://www.velocityreviews.com/forums/t768052-what-is-best-practice-combining-anonymous-logon-with-windows-logon.html)

Kjell Kristiansson 11-30-2005 12:53 PM

What is best practice: Combining anonymous logon with windows logon?
 
Asp.Net 1.1, Win2k Server

In my application I want to achieve the following on alla pages in the
solution:
- an anonymous user will get a limited set of options
- an ananymous user shall have the option to logon or continue as
anonymous
- a user already logged on to the domain shall not have to logon again
- different users get different options depending on group (role)
I would prefere to keep all applications in the same directory and thus
not
tamper with file access rights but rather handle authorisation in the
application.

Independent of user I need to access the Registry for configuration
settings.

I have made a number of experiments and stepped into several problems
like:

If I allow Anonymous access I am not able to find real user. Possible?
If I deny Anonymous users everybody has to logon. (using windows auth)
If I set impersonate I can not access the registry. Solution?

I am sure there is a nice solution to this. It should not be too uncommon
a
problem.
What would be considered Best Practice for this?

Kjell K
PS. I write this in VB but C# is no problem.





All times are GMT. The time now is 04:31 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.