The Identity Impersonate will allow your domain users to be authenticated with their network login transparently. You can query that data into your pages as well.
Set the connection string in your page, or call the appSettings in the web.config:
Dim ConnectionString As String = "server=(local);database=helpdesk;trusted_connection=true"
In SQL Enterprise Manager, create users of the Database and grant access to the database you have with rights you want them to have. There is no need to add Local Accounts. You can add Domain\Domain Users, Domain\AnyDomainGroup, granting them access.
And as for auditing, here's what I did... In my tables I have each user listed by network login account. For example, mine is MyDomain\aroof, but my table only lists 'aroof' for ease of entry. Then I do the following on update of a record...
    'Global Declaration
    Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
    Dim strUser As String = user.Name

    'Place Page_Load events here

    'Click of a button
    Sub quickUpdate_Click(sender As Object, e As System.EventArgs)
        'Append to Users Input their domain name as entered into tables
        '- No need to use substring if you want entire domain credentials
        Dim upText As String = Update.Text & " - " & strUser.Substring(strUser.IndexOf("\") + 1)

        Dim myConnection As New SqlConnection(ConnectionString)
        Dim UpdateCommand As SqlCommand = New SqlCommand()
        UpdateCommand.Connection = myConnection
        'UpdateCommand.CommandText (the UPDATE statement that stores upText) must be
        'set here, with upText passed as a parameter, before ExecuteNonQuery is called

        ' execute the command
        Try
            myConnection.Open()
            UpdateCommand.ExecuteNonQuery()
        Catch ex As Exception
            Message.Text = ex.ToString()
        Finally
            myConnection.Close()
        End Try

        BindDetailGrid()
    End Sub
What that does is append to the text a -Aroof at the end. The IndexOf removes the 'domain\' that IIS knows the user as because of IWA. You can call that into a separate Auditing table if you'd like.
To Enter the login info into a textbox you can do this.
    <%@ Page Language="VB" debug="true"%>
    <script language="VB" runat="server">
    Sub Page_Load(Sender As Object, E As EventArgs)
        Dim user As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
        Dim strUser As String = user.Name
        'Full DOMAIN\login name
        myLabel.Text = strUser
        'Login only, with the "DOMAIN\" prefix removed
        myLabel2.Text = strUser.Substring(strUser.IndexOf("\") + 1)
    End Sub
    </script>
    <html>
    <head>
    <title>I Know Who You Are</title>
    </head>
    <body>
    <form runat="server">
    You are: <asp:Label id="myLabel" runat="server" /><br>
    Or also known as: <asp:Label id="myLabel2" runat="server" />
    </form>
    </body>
    </html>
My tables are as such, which allows me to call them by full name...

    ClientID    ClientName    ClientNetworkID
    57          Adam Roof     aroof

So another example is this...
    Sub Page_Load(Sender As Object, e As EventArgs)
        If strUser <> "" Then
            strUser = strUser.Substring(strUser.IndexOf("\") + 1)
            Dim myConnection As New SqlConnection(ConnectionString)
            'The login is passed as a parameter rather than concatenated into the SQL text
            Dim SelectCommand As String = "SELECT ClientID, ClientName, ClientNetworkID FROM tblClients WHERE ClientNetworkID LIKE @NetworkID"
            Dim myAdapter As SqlDataAdapter = New SqlDataAdapter(SelectCommand, myConnection)
            myAdapter.SelectCommand.Parameters.Add("@NetworkID", SqlDbType.VarChar).Value = strUser
            Dim dataset As DataSet = New DataSet()
            myAdapter.Fill(dataset)
            Try
                'Rows(0) throws when the login has no row in tblClients
                userTxt.Text = dataset.Tables(0).Rows(0).Item("ClientName")
            Catch ex As Exception
                userTxt.Text = "Your login has not been entered into our Database. Please contact the Help Desk to correctly use the features of the Intranet"
                ViewState("denied") = "True"
            Finally
                myConnection.Close()
            End Try
        End If

        If ViewState("denied") <> "" Then
            Exit Sub
        Else
            'Continue loading the rest of the page
        End If
    End Sub
One final point is that if you access your Intranet via IE5.5 or greater, AND you use the FQDN to connect (http://myserver.mydomain.ent) then IWA will still prompt you for your credentials UNLESS you add the site to your Intranet Zone in IE Internet Options. OR YOU CAN access the site WITHOUT a dot (http://myserver) then it won't prompt you! It will be transparent.
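
The post mentions writing the login to a separate Auditing table; the following is an added example of one way to do that, not code from the original post. The table `tblAudit`, its columns and their sizes, and the names `AuditTrail`, `SplitLogin` and `WriteAudit` are hypothetical. It stores the domain and the login in separate columns so that accounts with the same short name in two domains are not conflated, and it passes every value as a parameter.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module AuditTrail
    ' Split "MyDomain\aroof" into domain and login. A name without a
    ' backslash comes back with an empty domain instead of throwing.
    Public Sub SplitLogin(ByVal fullName As String, ByRef domain As String, ByRef login As String)
        If fullName Is Nothing Then fullName = String.Empty
        Dim i As Integer = fullName.IndexOf("\"c)
        If i < 0 Then
            domain = String.Empty
        Else
            domain = fullName.Substring(0, i)
        End If
        login = fullName.Substring(i + 1)
    End Sub

    ' Insert one audit row and return the number of rows written.
    ' tblAudit and its columns are hypothetical; adjust to your schema.
    Public Function WriteAudit(ByVal connectionString As String, ByVal fullName As String, _
                               ByVal recordId As Integer, ByVal detail As String) As Integer
        Dim domain As String = Nothing, login As String = Nothing
        SplitLogin(fullName, domain, login)
        ' Refuse to write an audit row that names nobody.
        If login.Length = 0 Then
            Throw New ArgumentException("No authenticated login to audit.", "fullName")
        End If

        Const sql As String = "INSERT INTO tblAudit (RecordID, Detail, Domain, Login, ChangedUtc) " & _
                              "VALUES (@record, @detail, @domain, @login, @when)"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@record", SqlDbType.Int).Value = recordId
                cmd.Parameters.Add("@detail", SqlDbType.NVarChar, 200).Value = detail
                cmd.Parameters.Add("@domain", SqlDbType.NVarChar, 64).Value = domain
                cmd.Parameters.Add("@login", SqlDbType.NVarChar, 128).Value = login
                cmd.Parameters.Add("@when", SqlDbType.DateTime).Value = DateTime.UtcNow
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

From the button handler above it would be called as `WriteAudit(ConnectionString, user.Name, recordId, Update.Text)`, where `recordId` stands for the key of the record being updated.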