I have created an initial topic at [1] on securing the admin function in
FlexWiki. The details are relatively complete for a scenario using Forms
based authentication with SQL Server where only administrators will be
authenticating. There is a rough start at the steps for a Windows
Authentication for a similar scenrio, but using Integrated Windows
Authentication rather than Forms.
[1] http://www.flexwiki.com/default.aspx/FlexWiki/FlexWiki2SecureAdmin.html
John Davidson
On Tue, Mar 4, 2008 at 6:46 AM, John Davidson <[EMAIL PROTECTED]> wrote:
> The wiki can still be entirely file based even though your membership
> system is on a SQL Server. I currently have OdsWiki on a Windows 2008 Sever
> Web Edition using SQL Express for membership, but most namespaces are in the
> file based namespaces, just like flexwiki.com. It works great and is
> relatively easy to configure. Once it is working it is the easiest to
> maintain and to upgrade to different OS (as you plan).
> I would recommend using SQL Express and Forms-based authentication. I can
> write up those instructions today. Microsofts default configurations
> settings unfortunately make it more difficult than it really is.
>
> John Davidson
>
> On Tue, Mar 4, 2008 at 12:38 AM, Astralis Lux <[EMAIL PROTECTED]>
> wrote:
>
> > John,
> >
> > You said:
> >
> > >> I can give you instructions now on how to store the user details in
> > web.config and then use forms authentication. It will accept clear text
> > userid and password, which may not be an issue in your configuration. I
> > could probably get a special page that creates a secure hash for the
> > password running ofr you if it is really necessary. Let me know which
> > you want instructions for first: Windows Authentication or Forms
> > Authentication with user credentials in web.config.
> >
> > My first goal is perfect usability for novice member who use the wiki.
> > Windows Authentication is clumsy. With that being said:
> >
> > I think that if I'm only using a handful of admins/moderators, then
> > storing login information in web.config is fairly simple, right, instead
> > of Windows Authentication? But at the same time, with only a few people who
> > might be admins, maybe Windows Authentication is the most efficient and
> > those five people can just deal with Windows Authentication.
> >
> > But if I allow more people to create and lock their own pages, I would
> > love to have forms authentication while still keeping the file-based wiki.
> > I think storing 1,000 plus members (and growing) in web.config might not
> > be the best method, correct? I can setup a MSSQL table for the membership
> > system, if necessary, but my understanding was that to do that, the entire
> > wiki must be run from a database (if the file-based wiki does in fact still
> > work with a db membership system, then maybe I should just use that).
> >
> > I'm also presuming that the db membership system provides roles.
> >
> > Please advise what you think would be best.
> >
> > ------------------------------
> > Need to know the score, the latest news, or you need your Hotmail(R)-get
> > your "fix". Check it out. <http://www.msnmobilefix.com/Default.aspx>
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > Flexwiki-users mailing list
> > Flexwiki-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/flexwiki-users
> >
> >
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
