What kind of authentication to use?
-
Dear all, I have a asp.net page to import some files from the local network and export them to other network locations or upload to ftp servers. the user can configure the import and export locations. im using also impersonation with a network domain account to set the read/write permissions on the network machines for the page. The webpage will be used most of the time locally on the webserver, or through lan. so i can't use iis security settings because everybody who is logged in on the webserver can change the iis settings or the web.config file. My question is how to secure the page in this situation? Thanks in advance.
-
Dear all, I have a asp.net page to import some files from the local network and export them to other network locations or upload to ftp servers. the user can configure the import and export locations. im using also impersonation with a network domain account to set the read/write permissions on the network machines for the page. The webpage will be used most of the time locally on the webserver, or through lan. so i can't use iis security settings because everybody who is logged in on the webserver can change the iis settings or the web.config file. My question is how to secure the page in this situation? Thanks in advance.
Priya Prk wrote:
everybody who is logged in on the webserver can change the iis settings or the web.config file. My question is how to secure the page in this situation?
Why would you allow users to change the web.config? How can a user change IIS setting? I think you have more problems with your design than just authentication.
I know the language. I've read a book. - _Madmatt
-
Priya Prk wrote:
everybody who is logged in on the webserver can change the iis settings or the web.config file. My question is how to secure the page in this situation?
Why would you allow users to change the web.config? How can a user change IIS setting? I think you have more problems with your design than just authentication.
I know the language. I've read a book. - _Madmatt
Hi Mark, the website will be hosted by the user's company. they can reach it through the local network, but some of them can also log in into the webserver's(iis) pc, in this case they can change the iis or the web.config file. But i want at lease prevent them to use the webapplication.
-
Hi Mark, the website will be hosted by the user's company. they can reach it through the local network, but some of them can also log in into the webserver's(iis) pc, in this case they can change the iis or the web.config file. But i want at lease prevent them to use the webapplication.
You can't. If they have root access they undo any changes you make to the config or settings.
I know the language. I've read a book. - _Madmatt