Step 1:  Select Application Security Type

Go to:

Tools, Security Wizard...

Iron Speed Designer creates several types of application security, which you designate in the Security Wizard.

Use the Security Wizard to configure authentication and authorization control in your application.

There are two aspects to application security:

User authentication types

Authentication type



Validates the user using user name and password against a designated Users table your the database.  Database security can be used only with Database role-based security where the roles are retrieved from the same database.

Microsoft Active Directory

Validates the user against the Active Directory server.  It creates a Directory Entry using user name and password and then searches to retrieve information regarding this particular user; the user is considered authenticated if information is retrieved. Active Directory authentication can be used with Database Roles, Active Directory Groups and AzMan roles store.  Active Directory security allows single sign in for Intranet users. It will retrieve the user name from the context and use it to retrieve information from the Active Directory.

Active Directory security requires certain settings in Microsoft IIS and your application.

Microsoft SharePoint

Does not require sign in and delegates authentication functions to SharePoint server.  It retrieves user identity from the SharePoint context: Microsoft.SharePoint.SPContext.Current.Web.CurrentUser   Microsoft SharePoint authentication could be used only with Microsoft SharePoint Groups authorization.

Windows Authentication

Verifies if HttpContext.Current.Identity.User is set and if set considers the user as logged in and retrieves the user’s roles from the database.  If the roles can’t be retrieved, the role is set to Non-Anonymous.

Important: use this security type carefully because it does not require the user to enter a password and effectively authenticates every user who logged in into the domain. This security type should be used only with applications and where Microsoft IIS set to Windows authentication.

If HttpContext.Current.User is not set, and Database Roles is selected as a Role-based security type, the user will redirect to the Sign In page and use the database to authenticate user and password.  Accordingly, if your application is used both for intranet and Internet users, Internet users will use normal database authentication.

To enable authentication for Windows and Active Directory Authentication when using IIS Express development server under .NET 4.5 Framework see Configuring IIS Express.

See Also

Security Wizard