Re: ASP.NET with ADirectory role based authentication

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 08/26/04 

Date: Thu, 26 Aug 2004 09:44:34 -0500

This is easiest to do if you use Windows authentication in IIS against AD.
When you do that, ASP.NET will create a WindowsPrincipal object in the
Context.User property that is used for providing identity and authorization
services to your application. The IsInRole method in WindowsPrincipal will
return true or false based on the user's AD group membership. You supply
the group names in the form "domain\group name".

If you don't use Windows authentication and decide to use Form
Authentication against AD (which I don't recommend), then you need to
compute the user's group membership programmatically and create the
appropriate IPrincipal object.

Joe K.

"naijacoder naijacoder" <naijacoder@toughguy.net> wrote in message
news:uvWjVJ1iEHA.3232@TK2MSFTNGP10.phx.gbl...
> Thanks very much for the reply and for the article but
> i have made a form authentication already with ADirectory and its
> working FINE!
> But what i want to do now is to authenticate against a particular GROUP
> for example Security in Active Directory.
> For example a USER A logs in and he is not in the group called security
> he shouldn't have access and if he is in the GROUP Security then he
> should be authenticated.
> I was thinking about using ROLES in Active Directory but my Question is
> that can i have roles created in Windows 2000 server Active
> Directory?And if i can can i use form authentication directly to the
> ROLES in Actice Directory!!.
> Thnaks in advance and all ideas are welcome.
>
>
>
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!

Relevant Pages

  • Re: Win 98 in ADS integrieren
    ... Seite zum "AD Client für Downlevel CLients". ... Active Directory Client Extensions for Windows 95/98 and Windows NT 4.0 ... software can take advantage of improved authentication features in NTLM ...
    (microsoft.public.de.german.windows.server.active_directory)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.windows.server.security)
  • Re: Change in ASP.Net authentication between Win2000 and Win2003
    ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
    (microsoft.public.inetserver.iis.security)
  • Re: redundant time source
    ... Time Sync is very important to windows. ... Kerberos authentication and, therefore, to Active Directory-based ... Active Directory domain ...
    (microsoft.public.windows.server.active_directory)
  • Re: Passing form credentials to windows security
    ... the standardized browsers and the authentication protocols just don't ... You can configure two websites, one Intranet that is Windows only, the other ... and then authenticate them against Active Directory and then pass the ... those credentials exactly as Microsoft has done with Exchange webmail. ...
    (microsoft.public.inetserver.iis.security)