Hello,
It has been quite some time since I posted this message to the list. However,
I wanted to check in to see if anyone has a working solution for my problem.
Thanks,
Jeremy
----- Original Message -----
From: "Jeremy Landes " <jsl16@ psu . edu >
To: cosign-discuss@lists. sourceforge .net
Cc: "JOY MARIE SHUTTERLY " <joys@ psu . edu >, "Rick Rhoades " <rrr6@ psu . edu
>
Sent: Monday, January 30, 2012 2:32:47 PM
Subject: URL Authorization in Windows 2008
All,
I'm in the process of doing some research and planning to upgrade our Web
servers from Windows 2003 to Windows 2008 R2. One of the stumbling blocks that
I've run into so far is how to handle URL authorizations in Windows 2008 using
groups defined within LDAP (we call them User Managed Groups or UMG's ).
What we currently do in Windows 2003 is as follows:
* We have a Web-based tool with a SQL back-end that stores a list of
directories that need to be secured, along with a list of UMG's that should
have access to those directories. This, I will call our Access Manager.
* We use URLAuth to query LDAP for a list of groups that the currently
authenticated user, through CoSign , is a member of. If the user belongs to
one of the UMG's that are authorized to have access to a specific directory
listed in our Access Manager, they will be granted access to that resource. If
not, they are denied access and given a 401 unauthorized error.
* We modify the IIS metabase to add in the list of directories that should
be secured, so that IIS knows how to handle them using URLAuth .
Because Microsoft has changed the way URL authorizations work in Windows 2008,
it does not appear that this will work as it had in Windows 2003.
Does anyone have a working solution on how to handle URL authorizations in
Windows 2008 using UMG's ?
A colleague of mine here at Penn State has also asked this question in the
past. You can view her message at http :// sourceforge .net/ mailarchive
/message. php ? msg _id=26876552. We're basically trying to do the same thing.
Thanks,
Jeremy
----------------------------------------------------------------------------
Jeremy Landes
Programmer/Analyst
Web & Communication Services
Administrative Information Services
Information Technology Services
The Pennsylvania State University
4 Shields Building
University Park, PA 16802
Phone: (814) 863-2887
E-mail: jsl16@ psu . edu
Web: http :// ais .its. psu . edu
----------------------------------------------------------------------------
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
