Is using NT USERID sufficient for security?

Results 1 to 4 of 4

Thread: Is using NT USERID sufficient for security?

  1. #1
    Big Mac Guest

    Default Is using NT USERID sufficient for security?

    Hi,<BR><BR>I&#039m developing an intranet site and I would like to grab a user&#039s NT USERID as a way of restricting access to parts of the site. If I maintain an Access DB with eligible USERIDs, grab the ID with request.servervariables("logon_user"), query the DB and restrict access if logon_user does not exist, are there any reasons why this method should be used or not be used? Is this sufficient security. In other words, wouldn&#039t this be as good as a password (or some other form of authentification) since an eligible person must be logged on to the network to access the page.<BR><BR>Thanks for all inputs.

  2. #2
    leungas Guest

    Default RE: Is using NT USERID sufficient for security?

    If you are doing this, I would actually recommend to use COM and read the security straight from the server. This give you extra security handling. <BR><BR>

  3. #3
    Big Mac Guest

    Default Could you expand further?

    I am relatively new to ASP and am not fully aware of what you are talking about.<BR>Maybe a link to appropriate information?<BR><BR>Thanks!

  4. #4
    Leungas Guest

    Default RE: Could you expand further?

    The idea is that you can use COM to use WinNT API Functions, like LogonUser.exe etc...<BR><BR>Using this, you can apply the security just like your users logon straight from workstations....<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts