How to: Authenticate with a User Name and Password‎ in folder? RRS feed

  • Question

  • User1005949380 posted


    Me Need Help In Add Authenticate with a User Name and Password‎ in folder in host not acess to edit iis.

    read all user & pass in db (sqlserver).

    Friday, February 21, 2014 3:24 AM

All replies

  • User-902516579 posted


    You might consider implementing Windows Authentication that uses either NTLM or Kerberos.

    Then the client credentials can be applied to the access rights given on a folder.

    You need to also check the identity of the application pool.

    Don't store passwords on a database in clear text, IMO:  http://www.thebestcsharpprogrammerintheworld.com/blogs/using-cryptography-and-sha-encryption.aspx

    HTH, Benjamin

    Friday, February 21, 2014 9:26 AM
  • User-1620313041 posted

    In addition to Perkinsville once you have chosen windows authentication, the best way to proceed is to make the asp.net impersonate the user not for all request but just for executing the piece of code that access the file. This can be done creating an impersonation context:

    using (WindowsImpersonationContext impersonatedUser = (User.Identity as System.Security.Principal.WindowsIdentity).Impersonate())
         //Access your file and/or folders here  

    Friday, February 21, 2014 9:34 AM