My Nightmare entry into ASP.Net

Results 1 to 2 of 2

Thread: My Nightmare entry into ASP.Net

  1. #1
    Join Date
    Dec 1969

    Default My Nightmare entry into ASP.Net

    I have designed & developed a Classic ASP Intranet for my firm a couple of years ago.<BR>Yesterday My boss calls me in and directs me to do the following.<BR>"I&#039;ve been reading about .Net Security and am impressed with the Windows authentication method. I want you to apply this to the Intranet without having to upgrade the Classic ASP Intranet to ASP.Net. The security layer will be dotNet over the classic ASP Intranet"<BR><BR>The things I had briefly formulated to execute this was:<BR>Build an empty ASP.Net application,<BR>Import the entire classic ASP Intranet into this application,<BR>Use Web.config file to apply windows based security<BR><BR>Current Classic ASP User Authentication:<BR>Login.asp --&#062; Login_Check.asp (authenticates user, puts cookies with keys & subkeys on the user&#039;s m/c) --&#062; Welcome.asp<BR><BR>ASP.Net :<BR>Configure the application on IIS for windows authentication --&#062; Web.config (authenticates User or Group) ---&#062; GatherUserInfo.aspx (Gets User loginname/network email etc.) ---&#062; Login_Check.asp(puts cookies with keys and subkeys - values of which are gathered from GatherUserInfo.aspx, this is important as most of the program residing on the intranet use cookie values for processing and my instructions are not to change or modify any Classic ASP Files) ---&#062; Welcome.asp<BR><BR>Will this work? will all asp pages behave as they have been? are there any issues i have to iron out before I actually start building this application <BR>Are there any step by step instructions for a similar scenario available on any site or in any books ?<BR><BR>I am stressed out, spent buying security books on .Net <BR>Wrox : security<BR>.Net framework security<BR>Orielly : Programming .Net security<BR>Either i&#039;am blinded by my stress or these books don&#039;t have the steps explained neatly to help me achieve my goal..<BR><BR>Gurus please please help !!!!!!!!!!!!!!

  2. #2

    Default RE: My Nightmare entry into ASP.Net

    Did it say anywhere that this was possible? I don&#039;t think so.<BR> is not asp version 4 it is a new technology that is supposed to better solve the same sort of problems that asp solved.<BR><BR><BR>If you want to use Windows Auth instead of a custom login, why not simply remove anonymous access to the website in the IIS manager? <BR><BR>Ugly but possible workaround.<BR>Instead of using the login in asp, you can redirect to the aspx login and set the cookies that you want when the user logs in.<BR><BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts