Windows authentication with custom user store
I'm building a solution that uses Windows authentication. However, the Windows users that are allowed to log in and use the application are defined in a custom user store. If a user is successfully authenticated by Windows, access should be denied if the user isn't in the custom user store. Using roles to authorize the users would be a good solution, but the fact is that the web application uses both ASP.NET and classic ASP. What other options could be used? I'm thinking of a custom SessionStateUtility that only issues a new session after the authenticated user is located in the user store.
RE: Windows authentication with custom user store
Another option could be the use of a custom "authentication cookie" that is issued after the user is located in the user store. This cookie should then be checked in every request. What would be a good technique for this solution?
RE: Windows authentication with custom user store
You can write an HttpModule that handles AuthorizeRequest (or in global.asax for a start). In this event you can check your user store and see if the user is in the allowed list. This event gets called on every request - once you have this working, you can think about optimizations, like a cookie or a flag in the cache...

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Another option could be the use of a custom "authentication cookie"
> that is issued after the user is located in the user store. This
> cookie should then be checked in every request. What would be a good
> technique for this solution?
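
Added example, not part of the original thread or any poster's code: a sketch of the HttpModule approach described in the reply above, with the "flag in the cache" optimization. The class name, the `LookupInUserStore` helper, the cache key prefix, the five-minute lifetime and the sample accounts are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Caching;

public class UserStoreAuthorizationModule : IHttpModule
{
    // Hypothetical stand-in for the custom user store (constructed sample accounts).
    private static readonly HashSet<string> Store =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"CONTOSO\alice", @"CONTOSO\bob" };

    public void Init(HttpApplication application)
    {
        // Raised on every request, after Windows authentication has set Context.User.
        application.AuthorizeRequest += OnAuthorizeRequest;
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        bool authenticated = context.User != null && context.User.Identity.IsAuthenticated;

        // Fail closed: no Windows identity, or identity missing from the store.
        if (!authenticated || !IsAllowed(context, context.User.Identity.Name))
        {
            context.Response.StatusCode = 403;
            context.Response.SuppressContent = true;
            context.ApplicationInstance.CompleteRequest(); // skip the handler, go to EndRequest
        }
    }

    private static bool IsAllowed(HttpContext context, string account)
    {
        string key = "userstore-allowed:" + account.ToUpperInvariant();
        object cached = context.Cache[key];
        if (cached != null) return (bool)cached;

        bool allowed = LookupInUserStore(account);
        // Short absolute expiry: a user removed from the store keeps access
        // for at most this long. Unlike a cookie, the flag never leaves the server.
        context.Cache.Insert(key, allowed, null,
            DateTime.UtcNow.AddMinutes(5), Cache.NoSlidingExpiration);
        return allowed;
    }

    // Replace with the real query against the custom user store.
    private static bool LookupInUserStore(string account)
    {
        return Store.Contains(account);
    }

    public void Dispose() { }
}
```

For the module to cover the classic ASP pages as well, it has to run for non-managed requests, which in the IIS 7 integrated pipeline means registering it under `<system.webServer><modules>` without the `managedHandler` precondition.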