Do I need to do domain authorization on the intranet site using the database?

S

Shaidulint2016-08-23 10:12:02

Database

Shaidulint, 2016-08-23 10:12:02

Hello, on an intranet site where you plan to use domain authorization, is it worth doing authentication using the database? I'm not talking about tables, I mean logins and roles in the database itself and their rights to various databases. How common is this practice? Is it right to do so?
It's just that the application must have access to files to which the user does not have rights. Therefore, it is not very clear to me how to force the application to connect to the database under the user, and read / write files under another record (system)?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dmitry Kovalsky, 2016-08-23
@Shaidulint

Logins and passwords do not need to be stored in the database. At least it is not safe, but in fact there is simply nothing to do. You do not check them in any way and do not display them anywhere (well, maybe a login is needed). What should be mandatory in this case is the structure of the restriction of rights in the system. It depends on the specific architecture. By and large, by the user's GUID, you should get a set of rights available to the user. Well, or at least unambiguously say whether a user with such a GUID has the right or not.

A

Artemy, 2016-08-23
@MetaAbstract

If you delve into the topic of authorization, then in my opinion the optimal solution is LDAP + SASL at the moment. Of course, you can go deeper into Kerberos, but I think this is not at all trivial

F

Fredcapit, 2016-09-01
@Fredcapit

I didn't see any problems with ASP.NET on IIS. The application works under its own account. When an HTTP request arrives and NTLM or Kerberos authentication is enabled on IIS, and the database connection string contains the "Integrated Security = true" parameter, then the connection to the database is performed on behalf of the user.