«

Hello, I am in the design stages of an ASP.NET application for my
company, and I am wondering how I shoudl handle security. Even though
this application is going to be internal and only 2-3 users, who will
rarely change, they still insist on making it a web application. My
first inclination is to use the Web.config and use Authorization to
authorize the 3 users and deny everyone else. A couple of other apps
here connect to Active Directory and authenticate the users that way,
but I feel like that would be overkill and one more connection to
maintain. There is also the possibilty of having a SQL table. There
will be no login page, so any kind of authentication will be based on
the users Windows user id. Any thoughts? Thanks.

Windows authentication suit your needs. Windows authentication uses the
security features integrated in your operating system/corporate network user
names, passwords andpermissions to authenticate and authorize web
application users.

<autorisation>
<deny users="?">
<autorisation>

Best regards,
Paul Gielens

Visit my blog @ http://weblogs.asp.net/pgielens/
###


<> wrote in message
news: oups.com...
> Hello, I am in the design stages of an ASP.NET application for my
> company, and I am wondering how I shoudl handle security. Even though
> this application is going to be internal and only 2-3 users, who will
> rarely change, they still insist on making it a web application. My
> first inclination is to use the Web.config and use Authorization to
> authorize the 3 users and deny everyone else. A couple of other apps
> here connect to Active Directory and authenticate the users that way,
> but I feel like that would be overkill and one more connection to
> maintain. There is also the possibilty of having a SQL table. There
> will be no login page, so any kind of authentication will be based on
> the users Windows user id. Any thoughts? Thanks.
>
>

Please have a look at this link...

http://msdn.microsoft.com/library/de...horization.asp

HTH
--
Thanks,
Rahul Soni

--->The secret to creativity is knowing how to hide your sources<---



"Paul Gielens" wrote:

>
> Windows authentication suit your needs. Windows authentication uses the
> security features integrated in your operating system/corporate network user
> names, passwords andpermissions to authenticate and authorize web
> application users.
>
> <autorisation>
> <deny users="?">
> <autorisation>
>
> Best regards,
> Paul Gielens
>
> Visit my blog @ http://weblogs.asp.net/pgielens/
> ###
>
>
> <> wrote in message
> news: oups.com...
> > Hello, I am in the design stages of an ASP.NET application for my
> > company, and I am wondering how I shoudl handle security. Even though
> > this application is going to be internal and only 2-3 users, who will
> > rarely change, they still insist on making it a web application. My
> > first inclination is to use the Web.config and use Authorization to
> > authorize the 3 users and deny everyone else. A couple of other apps
> > here connect to Active Directory and authenticate the users that way,
> > but I feel like that would be overkill and one more connection to
> > maintain. There is also the possibilty of having a SQL table. There
> > will be no login page, so any kind of authentication will be based on
> > the users Windows user id. Any thoughts? Thanks.
> >
> >
>
>
>
>