Hi all,
My situation:
- VB.net & Visual Studio 2002
- IIS 6.0 - Windows XP Pro (development) and Windows 2000 server (release)
I created a test-application (before I started to develop the real
application), to check the possibillities of the NTFS Security on IIS and
ASP.net.
This security was what I needed! A flexible solution to change page-based
user-rights (users can access that page or not).
Then I started to develop my app and used Excel Automation. This automation
needed User Impersonation to have access to my Excel.
Now, the problem is that I can't combine those two ways of security...
I double checked this pages:
http://aspnet.4guysfromrolla.com/dem.../031204-1.aspx
http://authors.aspalliance.com/aspxt...rityworks.aspx
http://msdn.microsoft.com/library/de...entication.asp
But I'm unable to find the solution I need!
What I need is:
- Users are allowed to view some pre-defined pages (F.e.: User A -> Page
1,2,3 / User B -> Page 2,4,7)
- My app needs to have access to a small MS Access-database, located on the
same server
- My app needs to have access to MS Excel, to use Excel Automation
- A "computer-dummy-administrator" should have the possibillity to change
the access-rights to the pages
- I mostly like to use Windows-Security (because of the amount of users to
define)
What is the best way to provide this security?
How should I configure my IIS-access, my Web.Config, Machine.Config, my
NTFS-settings,... ?
Thanks in advance for your advice!
Sam
