DKode
Ok,
I authenticate a person against Active Directory using
DirectoryServices, create an AuthTicket and place it in a cookie, with
the value of the cookie being their group membership in
Active Directory.
What would be the best/logical/safest place to put code that actually
checks the group membership from the cookie and then returns a bool
indicating if they are an admin or not? I have a UI layer, Business
Layer and Data Layer. I would have placed the code in my 'User' class
that handles all processing/adding of users, but forms authentication is
not available in this layer because it is a class library.
Would the best place be global.asax? I can see myself checking if they
are an admin before any potentially damaging action
(adding/editing/deleting) on other users' information is performed, so
non-admins can't perform admin tasks.
Is there a tutorial or examples someone can point me to explaining
proper evaluating of admins/non-admins? I don't feel like my code is as
secure as it could be.
Thank you
DKode