i want to implement authorization with windows authentication and don't
have the slightest clue of how to do this implementation.  the basic
windows authentication for this .NET application is already setup.  my
problem lies within my inability to manipulate the username captured in
the authentication process and my knowledge of how IIS is involved.

specifically, i have the following questions:
1) what object(s) can be used so that the user's username can be
manipulated for the authorization process?
2) in order to apply roles, do the users need to be placed in groups in
IIS?  if so, how does this work?
3) is all the code that the application uses for roles in web.config?
or does global.asax play a role in this matter?
4) does the web.config file know to communicate with IIS because the
authorization type is set to windows?
5) once authorization is in place, can a section of an .aspx file be
visible to a group or can only entire files be secured for a group?

as you can see, i'm trying to figure out the relationship between
authorization and windows authentication so any help would be
appreciated.

thanks,
john
e: phreesk***@gmail.com

phreesk***@gmail.com wrote:
There was no way for you to know it, but this* is a classic asp newsgroup.
While you may be lucky enough to find a dotnet-savvy person  here who can
answer your question, you can eliminate the luck factor by posting your
question to a newsgroup where the dotnet-savvy people hang out. I suggest
microsoft.public.dotnet.framework.aspnet.

Nevertheless ... I'll give it a try. Read on.

That would be User.Identity.Name

No such thing as IIS groups. You can either create groups in a database
(which can be as simple as a table containing a username column and a
groupname column), or create groups in your Active Directory, meaning that
you will need to learn how to query the AD, which is no trivial task.


There is no code in web.config

A Session_onstart sub in global.asax could come into play if you choose to
take that route, but usually, the answer is: Neither.

Huh? You need to go back and read the book. web.config does not
"communicate" with anything. It is simply a configuration file containing
settings that your application's dll uses when it loads.

Also, the "authentication" type is set in web.config. Authorization is up to
you to implement.

Yes to both, but there's nothing automatic about it. You have to write the
code to make it happen.

Please follow up in the aspnet newsgroup.

Bob Barrows
*I read this message and replied to it in the .inetserver.asp newsgroup. In
the future, pleas pick a single group to post your message to. Usually,
somebody will be polite enough to point you in the proper direction if
you've chosen the wrong newsgroup.

Bob Barrows [MVP] wrote:

oops, a little bit of misinformation here: You CAN use authorization based
on AD groups. Here is a link with more information:
http://msdn.microsoft.com/library/en-us/vbcon/html/vbconWebApplicationSecurityAtRunTime.asp

There is a section about authorization about halfway down, including links
to other relevant documents.

Ideas on deferring authentication?
401.3 frustration
IUSR account passwords sync
Multiple SSL on the same IIS
how many users can share one account
.net user not working IIS6
IIS and domain security
Installing root certificate & chain
IIS6 and Pass-Through Authentication
How to generate a temporary cert ?