We have an intranet application that is under Integrated security. So in
theory, anyone who has an Active Directory account in the company can access
my app.
So, to allow only certain users, I created a user table of domain accounts
and check these in the Application_Acq uireRequestStat e event by comparing the
Identity.Name to names in my table. If OK, I set a session variable
HasAccess to "1" since sessions are available in this event.
Then, on subsequent page requests, this event checks the
Request.IsAuthe nticated and then the Session["HasAccess"] to allow them in
or not.
Is this approach valid or is there a better way? It seems to work OK,
except I have webservices on the site as well which, when requested, also
fires the Application_Acq uireRequestStat e event BUT when I try to access the
Session variables, it returns a null object reference because it seems the
Session is never actually created by a webservice request. 1 3633
Hi Dave:
Session state is disabled by default for asmx, but you can change the
default.
Another idea is to organize authorized users into an Active Directory
group in your domain. Then you add an <authorizatio n> section to
web.config and restrict the app to just members of the group. No extra
code required!
--
Scott http://www.OdeToCode.com/blogs/scott/
On Wed, 2 Mar 2005 09:59:06 -0800, "Dave"
<Da**@discussio ns.microsoft.co m> wrote: We have an intranet application that is under Integrated security. So in theory, anyone who has an Active Directory account in the company can access my app.
So, to allow only certain users, I created a user table of domain accounts and check these in the Application_Acq uireRequestStat e event by comparing the Identity.Nam e to names in my table. If OK, I set a session variable HasAccess to "1" since sessions are available in this event.
Then, on subsequent page requests, this event checks the Request.IsAuth enticated and then the Session["HasAccess"] to allow them in or not.
Is this approach valid or is there a better way? It seems to work OK, except I have webservices on the site as well which, when requested, also fires the Application_Acq uireRequestStat e event BUT when I try to access the Session variables, it returns a null object reference because it seems the Session is never actually created by a webservice request. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Gerry |
last post by:
I have a developer here with a website running with only "Windows
Integrated Authentication" set on a Windows 2000 member server that
uses GetObject to get a user's group membership in the domain. This is
the code she's using:
set adsUser = getobject("WinNT://" & strUsername)
for each group in adsUser.groups
GrpList = GrpList & lcase(trim(group.name)) & ";"
next
|
by: Paul |
last post by:
Hi all, at present I I've built a website which can be updated by admin and
users.
My problem, I've combined "log in" and "access levels" to restrict access to
certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.
|
by: Sudheer |
last post by:
Hi All,
We need to restrict multiple users login to the system. If one user is
online with one userID, we need to show the message "This user already logs
in to the system" to the other user who tries to login with the same userID.
We are using C#.
Please help us how we can do this.
|
by: pemo |
last post by:
In Harbison and Steele's book, they say that using 'restrict' allows
functions like memcpy() to be prototyped like this:
void * memcpy(void * restrict s1, const void * restrict s2, size_t n);
But this seems a mite dangerous to me ... a restricted pointer ... is
*assumed* to be the only to access an object.
So, mightn't using such a prototype subtly imply that the compiler
will *actively check* that s1 and s2 do not point to the same
|
by: dion.naidoo |
last post by:
Hi ,is there any way one can restrict users to copy files with
extensions that we dont want on our networks or local pcs. Users are
local administrators of their pcs.
PS. If this is not possible using GPO etc, is there an external
software that would work for this case. Please advise as we are having
huge issues.
Thanks
| |
by: sushilviews |
last post by:
Hi,
I want restrict users from using the backward navigation buttons or backspace key in IE or may be in any browser.
What is the the best way of not allowing the user to restrict backward navigation in ASP.net (with vb.net). I am designing an Online Survey I want to restrict the users from attempting the same questions twice.
|
by: Dakrat |
last post by:
Allow me to preface this post by saying that this is my first database project, and while I have learned a lot, any concepts I have learned are hit and miss as I have found new requirements and researched solutions.
That said, I have a "training" database with PowerPoint briefings which I have users access and complete training. The form then records the date and time they completed training in a relevant field. I have a separate "master"...
|
by: need2know |
last post by:
Hello
In my quest for knowlwdge i would like to know if it possible to hide or restrict certain folders on the C drive from other users who log and use the same computer as the administrator i.e. (Me)?
I am using xp pro
there are 2 other user who are limited users.
Only one Computer
Also is it possible to set up a guest a/c and restrict them from all files on a computer c drive?
|
by: venkat |
last post by:
Hi,
i came across restrict qualifier while looking the code. I haven't
able to understand what does this do?. Can some one help me how does
this makes the things restrict to an specified objects. It will be
good, if explained with example.
Appriciate your help in this regard.
Thanks,
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |