<p>You don't need any tables nor any single line of code. For an intranet site, the best option is to use <a href="http://en.wikipedia.org/wiki/Integrated_Windows_Authentication" rel="nofollow noreferrer">HTTP Negotiate authentication</a> and use the Active Directory group membership for authorization:</p> <ul> <li>Create a domain security group for the users that have access to the site</li> <li>Add the authorized users to this group</li> <li>On your IIS server, add the UrlAuthorizationModule to IIS (from add/remove program features)</li> <li>A new icon "Authorization Rules" will appear on your site enabling you to configure security for your site</li> <li>Modify the site security to allow only members of the group you created earlier to view your site</li> <li>Enjoy</li> </ul> <p>This is a perfect setting when the site pages never care about the identity of the user connected, but the site overall has to be restricted to a set of trusted/authorized users. IIS will take care of authentication and authorization and you can configure the 403 page response for users not authorized. The whole authentication process happens at the HTTP level, there is no 'user' to 'encrypt' in URL or anything of that sort. The IIS will challenge the browser with an SPNEGO authentication challenge and all browsers know how to handle that, responding with a negotiation that authenticates the <em>current logged in user</em> on the workstation that browses the site (aka. Integrated Authentication). See <a href="http://technet.microsoft.com/en-us/library/cc772206(WS.10).aspx" rel="nofollow noreferrer">Configuring URL Authorization Rules in IIS 7</a> for details.</p> <p>You can stop reading here if you don't need to be confused. </p> <p>If you care to learn all the details, then note that this is <strong>not</strong> the same as the ASP.Net URL Authorization module that you'll find plenty of references all over, which you configure from the .config file(s). 
See <a href="http://learn.iis.net/page.aspx/142/understanding-iis-70-url-authorization/" rel="nofollow noreferrer">Differences Between ASP.NET URL Authorization and IIS 7.0 URL Authorization</a>.</p> <p>If your code actually needs the identity of the caller (eg. for audit purposes) then you must add a managed module that passes the authentication information into your appdomain. This module is <a href="http://msdn.microsoft.com/en-us/library/system.web.security.urlauthorizationmodule(VS.80).aspx" rel="nofollow noreferrer">UrlAuthorization</a> managed module. Note that, for a perfect 1-2 punch of confusion, the module is named UrlAuthorization but it's implemented in the managed module named UrlAuthorizationModule, which is <em>not</em> the same as the true IIS native UrlAuthorizationModule module... </p> <p>If you need to impersonate the caller then things will get more complex, as you'll have to configure trusted delegation. For this you configure <a href="http://msdn.microsoft.com/en-us/library/xh507fc5(VS.80).aspx" rel="nofollow noreferrer">ASP.Net Impersonation</a> and then you enable constrained delegation to be able to reach the SQL Server from your ASP.Net app pool, see <a href="http://msdn.microsoft.com/en-us/library/ms998355.aspx" rel="nofollow noreferrer">How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0</a> (IIS 7.0 is similar).</p> <p>And finally there is the issue whether you want your application code to behave differently based on the identity of the caller (ie. show admin options) and for that probably the best option is to use a <a href="http://msdn.microsoft.com/en-us/library/aa478950.aspx" rel="nofollow noreferrer">role membership provider</a> integrated with Active Directory like WindowsTokenRoleProvider.</p>
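
The site-level result of the steps in the answer above, written out as a web.config, with the ASP.NET authorization section shown beside it for contrast. This is an added example, not part of the original answer; `CONTOSO\IntranetSiteUsers` is a placeholder for the domain security group created in the first step.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example. CONTOSO\IntranetSiteUsers is a placeholder group name. -->
<configuration>
  <system.webServer>
    <security>
      <!-- Integrated Windows (Negotiate) authentication only.
           This section is locked at server level by default; if IIS
           rejects it here, set it in IIS Manager or in
           applicationHost.config under a <location> for this site. -->
      <authentication>
        <anonymousAuthentication enabled="false" />
        <windowsAuthentication enabled="true" />
      </authentication>

      <!-- IIS native URL Authorization (the "Authorization Rules" icon).
           Remove the inherited allow-everyone rule, then allow only the
           group. Deny rules are evaluated first, then allow rules; a
           request that matches no allow rule is refused. -->
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" roles="CONTOSO\IntranetSiteUsers" />
      </authorization>
    </security>
  </system.webServer>

  <!-- For contrast only, not needed for the setup above: the ASP.NET URL
       Authorization section that the answer says is NOT the same thing.
       It is enforced by the managed module, uses allow/deny elements,
       and stops at the first rule that matches, so the trailing deny
       is required. -->
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow roles="CONTOSO\IntranetSiteUsers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

Leaving the inherited `users="*"` allow rule in place is the usual reason a group restriction appears to have no effect, since any authenticated user still matches it.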