473,396 Members | 2,020 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > securing a asp web application

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Securing a ASP web application

Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?
Jul 19 '05 #1
1 1381
You would need both Anonymous and Integrated Authentication turned on.

Jeff

"Graeme Coutts" <Graeme Co****@discussions.microsoft.com> wrote in message
news:A9**********************************@microsof t.com...
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The
username works in a mixed-mode of usernames matched with the windows login
name and some extra accounts (similar to SQL mixed-mode security). Web
application is executed both in the corporate intranet and externally on the
web. Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response
(response.status=401) to get a user's window login through the
ServerVariables. This seems to work OK for the intranet access. If the
user's windows account is not located in the application database then I
redirect to the standard login page for the username/password combination.
When the application is executed across the internet through a firewall, the
user is prompted by IE to enter the windows domain, username, and password.
There seems to be no mechanism to avoid this because of the
challenge/response code. I wish that with external access from the internet
that users are automatically directed to the application login screen and
not faced with the IE windows authentication dialog. Anyone care to offer a solution?

Jul 19 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

17
Securing 'pickle'
by: David McNab | last post by:
Hi, I'm writing a web app framework which stores pickles in client cookies. The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try tampering with the cookie and malforming...
Python
11
Securing a Database
by: Susan Bricker | last post by:
Greetings. I am looking for some advice on making a database secure. By secure, I mean that I want only certain people to have write access to the database and I want the updates to be permitted...
Microsoft Access / VBA
7
Securing A Folder On A Server
by: Tom | last post by:
Can anyone give me any advice on how to secure a folder on a network server so that documents in the folder can only be opened through an Access database or by the database admin. I need to store...
Microsoft Access / VBA
11
Securing hashing algorithm
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
C# / C Sharp
1
securing dll
by: ven | last post by:
hello i wanna ask for securing application dll in asp.net in framework 1.1 i have to use dotfuscator to simply and poor secure of my dll so it will be better compiler in framework 2.0 or some...
ASP.NET
9
I have carried out the Keith Wilby stepwise approach to securing an MDB but I am not sure what I have achieved
by: carriolan | last post by:
Hi Hi As daft as it may sound I have carried out the approach detailed by Keith Wilby on his site www.keithwilby.com/ down to and inclusive of import objects. I have established that: 1....
Microsoft Access / VBA
4
Securing both front end and back end
by: Brad P | last post by:
I have a 2K database with a front end linked to a back end. I need to lock down or secure both ends so a user can not access the raw data in tables etc. I also need usernames and passwords for 50+...
Microsoft Access / VBA
2
Frinavale
Securing a Connection String Within A Class Library
by: Frinavale | last post by:
Hello everyone! I'm having a problem securing my connection string. There are a lot of sites out there that explain how to secure a connection string in the Web.config or App.config file;...
.NET Framework
4
Securing web service
by: =?Utf-8?B?aGlsZXlq?= | last post by:
Hi, I'm developing a web service that needs to communicate with a custom application on an intranet. There is also a configuration utility which may be run on a different server machine for...
.NET Framework
10
Re: Advice on securing a sensitive Access database
by: Les Desser | last post by:
In article <fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes Not sure if I quite follow that. 1....
Microsoft Access / VBA
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!