As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm a newbie. For impersonation in IIS, what do you think about it? I think it's unsafe. How can IIS spawn a Win32 thread to handle user request with user's identity? Does this mean this thread can do anything using user's identity without user's permission? For example, this thread can connect to other servers and do operations with user's identity.
When using impersonation you would generally create a user with only enough privileges to do what is required of it, e.g. read contents of a folder in c:\inetpub\wwwroot. Similar to how you wouldn't create a DB user that can delete tables when all you need is for it to read some values.
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
I'm wondering how to approach the topic of user organizations in ASP.NET WebForms application and SQL Server 2008.
Create SQL Servers in-built Logins / Users
or
Create a Username / User and use it to connect to the database. A user data held in the table with password (salt).
Is the second option is a good option? If true please support me with your knowledge.
It sounds like Forms Authentication can help you immensely:
http://support.microsoft.com/kb/301240
For an ASP.NET application, you should be going with your second option.
You definitely want a strong hashing algorithm equipped with a fairly long salt to make sure your passwords are secure.
In terms of an algorithm, you should look at something like Bcrypt, it's got a pretty good reputation on Security StackExchange.
I would use the second option, I dont like builtin logon system. In an old project of mine, there is remember me system and it doesnt work now, and I cannot figure it out why it doesnt work.
It is always better to do your own logon system.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I am a student and I'm currently doing senior project. I'm required to work on the application control or application platform to let a group of programmer work together on a server with the security. I would like to know how a group of programmer work together on a server and how to work using visual studio 2010 on a server.
Thanks
First of all you have to use a version control system for your code such as SVN, which is one of the most popular.
There are also some other popular systems like GIT. You should try them both and see what fit your needs.
You'll probably want to create user accounts for each programmer on the server and allow them ssh access. Look into git for project version control.
i recommed your download here !
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
My boss, a dba, is telling me there is a way to authenticate a .net web site using sql server 2005 and later. Not forms authentication, not nt authentication, not passing a sql server login in a connection string, etc., but using sql server. Apparently you can let it handle everything. I have not been able to find anything on this. Any ideas?
SQL Server Authentication is really either rolling out Forms authentication yourself or use the out-of-the-box SqlMembershipProvider. The MSDN documentation has a very comprehensive example there.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
What are the competitors for the standard ASP.NET login web controls?
I want to build a scalable site and manage the users.
You have several options, there is DotNetNuke which is a big time opensource user/login/permissions, CMS all free and works in .net with sql server. Also you can go to visual studio and start a new project and as long as you don't choose the empty project it will create a mini project with a login system that you have to add your database info and so on.
Then again if you're starting out there's nothing like learning and doing it yourself, its fairly simple.
sql server table with username, password, accesstype(admin, user)
login form with username, password fields
do a select to table passing username and passwords and see if it returns a value, if not the combo incorrect.
if it doesn't start session and set the user id in session if you need to use it somewhere else or just to make sure that it times out by checking that session id in everypage.
that's reallyyy basic but its the idea of it.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
Needs to be secure and able to handle thousands of users.
Check out ADAM and AzMan.
ADAM is Active Directory Application Mode. There is a how-to guide at: http://msdn.microsoft.com/en-us/library/ms998331.aspx
AzMan is Authorization Manager. There is a how-to guide at: http://msdn.microsoft.com/en-us/library/ms998336.aspx
Three alternatives to ADFS are
Symplified - Various product options
Ping - SaaS product
Forgerock - This is an open platform
All integrate with AD in some way