Interesting authentication question
-
Hello all gurus out there, I’m facing a bit of a problem I hope you can help me with it. Here is the situation. 1- I’m developing an application with ASP.Net/VB.Net the application is hosted on one server and tries to access files that resides on a different server, both servers are on the same network. 2- The web application is used only from within the network (Intranet) 3- There is a user group already exists for the people who are allowed to use the application, the user group has all the necessary permissions to the file server. 4- I have a login screen for the application, but only check the login name and password against a database of allowed users - not against the windows login- but the code runs using the default Aspnet account. Now the questions are: 1- How can I handle the Authentication so that the web application can read/write files to the file server. 2- Is it possible to use the current existing user group to handle the authentication/authorization across the network? 3- How to use the login information supplied at the application login to be used across the network instead of the workstation credentials (basically if person A is logged in to the work station, but person B used the workstation to login to the application, how can I maintain person B credentials and used across the network. A side question, when the application is running, how can I know under what account is it running? Like how can I know if it is running as anonymous or under the AspNet account, or any different account? Thank you very much in advance, all your help is appreciated
-
Hello all gurus out there, I’m facing a bit of a problem I hope you can help me with it. Here is the situation. 1- I’m developing an application with ASP.Net/VB.Net the application is hosted on one server and tries to access files that resides on a different server, both servers are on the same network. 2- The web application is used only from within the network (Intranet) 3- There is a user group already exists for the people who are allowed to use the application, the user group has all the necessary permissions to the file server. 4- I have a login screen for the application, but only check the login name and password against a database of allowed users - not against the windows login- but the code runs using the default Aspnet account. Now the questions are: 1- How can I handle the Authentication so that the web application can read/write files to the file server. 2- Is it possible to use the current existing user group to handle the authentication/authorization across the network? 3- How to use the login information supplied at the application login to be used across the network instead of the workstation credentials (basically if person A is logged in to the work station, but person B used the workstation to login to the application, how can I maintain person B credentials and used across the network. A side question, when the application is running, how can I know under what account is it running? Like how can I know if it is running as anonymous or under the AspNet account, or any different account? Thank you very much in advance, all your help is appreciated
Wow, tons of good questions, I will answer what I can. :) 1 - Does each user access a separate area of the file server, or is it common for all users? If it is common for all users, You can give the ASPnet account the essential rights on the file server. All your aspx pages operate in the ASPnet user's context. Also, you can change the machine.config file to run using any Windows account, but the password is stored in clear text in the file. If it is different for each user, you should probably look into Impersonation. You can programatically change the account that the code is executing with. See ASP.Net Impersonation on MSDN. It is not very difficult, only a dozen or so lines of code. 2 - Why not use Windows authentication instead of forms authentication? No need for a login page. Set up the site in IIS for Windows authentication and let IIS do the work. This won't work securely for all browsers though. 3 - See above answers. Side - ASPX pages run under the ASPnet user's context unless you have edited machine.config to use a different account. HTML/ASP pages run in the context of the IIS anonymous user (if that is what is assigned in the IIS console). Using Impersonation you can get the ASPX pages to use the user account assigned by IIS. Dave