What type of authorization is recommended for a business app inside a domain

  • Question

  • User-508216992 posted

    Hello guys,

    I am developing a webform application for an Entity. 

    This application will have different types of users, allowing them to access different forms or features of the application according to their role. Though the application is inside a domain and Windows Authentication is an option, I was thinking of using Webform Authentication. With Windows Authentication, every time I want to add a user or change a user role, the IT team has to be involved. 

    With Forms Authentication I will only have an Admin user that can add roles and users whenever we want. Is my approach correct? Should I combine two authorization modes? What type of authorization do you recommend?

    Tuesday, October 25, 2016 2:33 PM

All replies

  • User-691209617 posted


    I would recommend ASP.NET Identity. The reason is that ASP.NET Identity membership is the newest approach to making a membership system the right way. It solves previous problems and also supports the newest demands, like external login with an existing Facebook, Google, Twitter or Live login. Here are the most important advantages of ASP.NET Identity:

    • ASP.NET Identity supports all types of ASP.NET applications like Web Forms, MVC, Web API, SignalR or web pages. No need to learn different methods for MVC and Web Forms. Now one membership system supports all kinds of ASP.NET applications.
    • The new ASP.NET Identity system is easy to customize. You can add new fields to the user profile in no time.
    • ASP.NET Identity is designed based on interfaces, which means it is highly customizable. If you don't like one part of the system, you can replace it with your object.
    • The default implementation uses Entity Framework Code First. Since the database schema is in your hands, you can easily change table names, primary keys, data types etc.
    • By default, the system uses a SQL Server database. You can change that and use Oracle, MySQL, SharePoint, NoSql, Windows Azure Active Directory and practically any other database.
    • ASP.NET Identity is highly testable. When MVC was introduced, one of the intentions was to enable unit testing in web applications. But SimpleMembership still could not be tested. ASP.NET Identity resolves this problem too, and now all parts of an ASP.NET web application, including the membership system, are unit testable.
    • Support for Claims and Roles. Old membership systems support Roles to enable better authorization. By using Roles, you can allow or disallow access to different parts of a web application. ASP.NET Identity has roles too, but also introduces Claims. In short, Roles are like a subset of Claims. 
      Claims could contain user roles, but also other information about the user like first name, last name, email, user groups etc. Because of that, you can allow or disallow user access on many different criteria, practically whatever makes sense for you (e.g. allow access only to users who have a boss named Jeff). Claims are a separate part, like everything else in ASP.NET Identity. Authentication, authorization, roles and claims are all separated to support easier replacement and customization. 

    Here is the simple article.


    Hope it helps.

    Tuesday, October 25, 2016 4:20 PM
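
The roles-versus-claims point in the reply above, as an added example that is not part of the original post and not code from ASP.NET Identity. It uses only the `System.Security.Claims` types; the `department` claim type, the role name, the form names and the sample users are assumptions made up for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class AccessPolicy
{
    // Hypothetical custom claim type; an application defines its own.
    public const string DepartmentClaim = "department";

    // Role-only decision: the classic "is the user in role X" check.
    public static bool CanOpenAdminForm(ClaimsPrincipal user) =>
        user.Identity != null && user.Identity.IsAuthenticated && user.IsInRole("Admin");

    // Claim-based decision: a role OR another attribute of the user grants access.
    public static bool CanOpenPayrollForm(ClaimsPrincipal user)
    {
        // Deny by default: unauthenticated principals never pass.
        if (user.Identity == null || !user.Identity.IsAuthenticated) return false;
        return user.IsInRole("Admin") || user.HasClaim(DepartmentClaim, "Finance");
    }
}

static class Demo
{
    // Builds a constructed test principal; a non-empty authentication type
    // is what makes ClaimsIdentity.IsAuthenticated return true.
    static ClaimsPrincipal MakeUser(string name, params Claim[] claims)
    {
        var all = new[] { new Claim(ClaimTypes.Name, name) }.Concat(claims);
        return new ClaimsPrincipal(new ClaimsIdentity(all, "ConstructedSample"));
    }

    static void Main()
    {
        // A role is itself a claim of type ClaimTypes.Role, which IsInRole reads.
        var admin = MakeUser("alice", new Claim(ClaimTypes.Role, "Admin"));
        // No role at all, only an attribute claim.
        var clerk = MakeUser("bob", new Claim(AccessPolicy.DepartmentClaim, "Finance"));
        // Identity without an authentication type: treated as anonymous.
        var anon = new ClaimsPrincipal(new ClaimsIdentity());

        foreach (var (label, user) in new[] { ("admin", admin), ("clerk", clerk), ("anon", anon) })
            Console.WriteLine($"{label}: admin form={AccessPolicy.CanOpenAdminForm(user)}, " +
                              $"payroll form={AccessPolicy.CanOpenPayrollForm(user)}");
    }
}
```

Keeping the decisions in one policy class means the same checks apply whichever mechanism authenticated the user, since both produce a principal the checks can read.
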
  • User1724605321 posted

    Hi Faqundo,

    If you are using the ASP.NET Web Pages framework to build an Intranet site that will be hosted within your own corporate network (i.e. client machines and web server are in the same domain), you can use Integrated Windows Authentication.

    Integrated Windows Authentication is the preferred approach to authentication whenever users are part of the same Windows domain as the server. Please refer to the links below for more details and how to implement Windows Authentication in ASP.NET:



    Best Regards,

    Nan Yu

    Wednesday, October 26, 2016 4:11 AM