Hi all
I am a relatively experiences Windows/SQL Server database programmes and
have just started on my first ever web app.
I have managed with most of the simple stuff i.e. datagrids, crystal etc,
but I am finding the security model confusing (actually I'm a bit confused
over the event model and postbacks as well, but that's a different story).
Anyway, my first app is to run on our Intranet and the users are (possibly)
to be validated using windows authentication. I can get this working to a
certain extent by using the web site security configuration tool within
VS2005.
What I really need is the SIMPLEST of tutorials, answering things like...
What is the correct way to login, is the windows box that pops up ok, or
should I use a login page with the login components available under VS2005.
How do I validate the login against our network users. (Using windows
security, it looks as though this is already done automatically)?
The security wizard seems to allow access to 'levels' of the website, not
per particular page. I need to be able to control not only to page level,
but to what each user can return from the database on the particular page
(i.e. pass the user to the database). Is there an equivalent to windows
groups, where different people are members of groups, and its the groups
that have the privileges on the pages(I found roles, but couldn't really
figure out how they worked)
Do I first of all validate a login against the network, and then look up
what each user can do in the database?
Does each session somehow know whose logged in? Is there some 'CurrentUser'
class that can be used by any page to see if they first of all they can view
it, and secondly what they can do
so many questions......
So anyway, what I'm looking for is a nice simple tutorial, explaining from
first principles how basic security woks. Obviously I've googled for it,
bust most either assume that you already know what your doing, or show how
to do a certain thing but not how it fits in a bigger picture
thanks in advance
Andy