authentication complication (long)
-
I have a web app that I'm trying to write for use on my company's intranet. The concept is this: We have a lot of servers and a lot of people that need to do certain tasks (start and stop services, kill processes, etc.) on one server or another that all require local administrator rights on a server. We don't want to give these rights to people because that results in more power than the admins want people to have.

Enter my app. I've already developed the functionality to do everything these people will need to do using C#. This is the sort of thing I have experience in. What's new to me is the ASP portion of things.

My logic is that I need two parts to my authentication. Step one will take a username, password, and server name, check that the user's credentials are valid on the domain, and check that the user is in the appropriate Active Directory group. If the user passes this test, they will be granted access to the app, which itself will be impersonating a utility account that has full administrative privileges.

I think I have the second part figured out. I have an admin account username and password encrypted in the registry, and the following in web.config to authenticate with it:

I think I have this much working, as I've been able to execute all of the fun code that I wouldn't be able to without admin rights. What I'm trying to figure out is how to do the first level of authentication. Basically what I'm trying to do is authenticate a username and password to grant access to an app but make the app impersonate a different username and password.

Anybody have any thoughts on this? I haven't had any formal training in this area, so my main concerns are security risks I may be overlooking. Also, any suggestions on how to implement this? Thanks.
Giving it a little more thought, I'm thinking I could just yank the logged-in user's name from the registry when said user browses to the page and check that against the relevant Active Directory groups.

My real concern is the potential security hole that is running through my head at the moment: Is it possible that someone else could write code that impersonated an administrator if they figured out where I stashed that info in the registry? Say Bob User was a local admin on Server1 but not Server2. If I had my encrypted account stored on Server1 and Bob found it, could he write an app just like mine that he could execute from Server1, impersonating the encrypted credentials, and use it to perform local admin operations on Server2?
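
One way to do the first-level check described in the post (validate the domain credentials, then confirm group membership), written here as an added C# example that is not part of the original post. The domain name, group name and server list are hypothetical placeholders, and the server allow-list goes slightly beyond the post by also constraining the user-supplied server name.

```csharp
// Added example; not code from the original post.
// Requires a reference to System.DirectoryServices.AccountManagement.
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

public static class FirstLevelAuth
{
    // Assumed placeholders: replace with your own domain, group and server list.
    const string Domain = "EXAMPLE";                     // hypothetical domain name
    const string RequiredGroup = "ServerOperators-App";  // hypothetical AD group
    static readonly HashSet<string> AllowedServers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "SERVER1", "SERVER2" };

    // Returns true only if the credentials are valid on the domain, the user is
    // in the required group (directly or through nesting), and the requested
    // server is one the app is meant to manage.
    public static bool IsAuthorized(string userName, string password, string server)
    {
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false; // reject empty input before talking to the directory

        if (!IsServerAllowed(server))
            return false;

        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            if (!ctx.ValidateCredentials(userName, password))
                return false;

            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
            {
                if (user == null) return false;
                // GetAuthorizationGroups() expands nested group membership.
                foreach (Principal g in user.GetAuthorizationGroups())
                {
                    if (string.Equals(g.SamAccountName, RequiredGroup, StringComparison.OrdinalIgnoreCase))
                        return true;
                }
            }
        }
        return false;
    }

    // The server name is user input, so only names on the fixed list are accepted.
    public static bool IsServerAllowed(string server)
    {
        return server != null && AllowedServers.Contains(server.Trim());
    }
}
```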