W
William F. Zachmann
A web site that will run on Windows Server 2003 and IIS 6.0 needs to provide
three levels of access, one for the public and two others for two levels of
subscribers. This is a port of a prior site that runs on an old version of
the Netscape Web server (which manages user authentication and access). The
three levels of access are currently served up by three different versions
of an ISAPI DLL, written in C++, also managed by the Netscape web server.
The DLL responds to inquiries against a SQL database and directly outputs
formatted Web pages. It is not practical to re-write the DLL.
So the challenge is to figure out how best to handle user authentication and
access control in the new environment. I have got it to the point where the
site works as it should by putting the three different versions of the DLL
(which three Netscape managed out of a directory of its own) directly into
the three main directories associated with the three different levels of
access, but with only a placeholder page for user authentication and, as
yet, no access control whatsoever. I have simple replaced the former user
login (CGI) page with links to the main pages in the directories for the two
subscriber levels.
The main question then is: How best to manage user authentication and
access?
It looks like this should be possible using ASP.NET forms authentication,
handling user authentication via a newly written logon page written in C#,
but I am having a hard time figuring out exactly how to configure the web
site to do that. I have been experimenting with the forms authentication
examples in Chapter 8 of Jeff Webb's MCAD/MCSD Self-Paced Training Kit book
"Developing Web Applications with Microsoft Visual Basic.NET and Visual
C#.NET" but have not yet been able to tweak things properly to get it
working in the new site context.
Secondary questions that have emerged in my process or trial and error
include:
How to configure NTFS file settings and IIS 6.0 directory security
settings when using ASP.NET forms authentication?
What, if any, settings are required regarding the three different
versions of the ISAPI DLL?
How, exactly to, configure the WEB.CONFIG files in the relevant
directories?
Any suggestions or pointers to good sources of information would be most
appreciated.
All the best,
will
William F. Zachmann, President
Canopus Research Inc.
http://www.canopusresearch.com
three levels of access, one for the public and two others for two levels of
subscribers. This is a port of a prior site that runs on an old version of
the Netscape Web server (which manages user authentication and access). The
three levels of access are currently served up by three different versions
of an ISAPI DLL, written in C++, also managed by the Netscape web server.
The DLL responds to inquiries against a SQL database and directly outputs
formatted Web pages. It is not practical to re-write the DLL.
So the challenge is to figure out how best to handle user authentication and
access control in the new environment. I have got it to the point where the
site works as it should by putting the three different versions of the DLL
(which three Netscape managed out of a directory of its own) directly into
the three main directories associated with the three different levels of
access, but with only a placeholder page for user authentication and, as
yet, no access control whatsoever. I have simple replaced the former user
login (CGI) page with links to the main pages in the directories for the two
subscriber levels.
The main question then is: How best to manage user authentication and
access?
It looks like this should be possible using ASP.NET forms authentication,
handling user authentication via a newly written logon page written in C#,
but I am having a hard time figuring out exactly how to configure the web
site to do that. I have been experimenting with the forms authentication
examples in Chapter 8 of Jeff Webb's MCAD/MCSD Self-Paced Training Kit book
"Developing Web Applications with Microsoft Visual Basic.NET and Visual
C#.NET" but have not yet been able to tweak things properly to get it
working in the new site context.
Secondary questions that have emerged in my process or trial and error
include:
How to configure NTFS file settings and IIS 6.0 directory security
settings when using ASP.NET forms authentication?
What, if any, settings are required regarding the three different
versions of the ISAPI DLL?
How, exactly to, configure the WEB.CONFIG files in the relevant
directories?
Any suggestions or pointers to good sources of information would be most
appreciated.
All the best,
will
William F. Zachmann, President
Canopus Research Inc.
http://www.canopusresearch.com