Re: Active Directory vs SqlServer which way to go?
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/04/05
- Next message: Jan Peter Stotz: "Re: Active Directory vs SqlServer which way to go?"
- Previous message: Jan Peter Stotz: "Re: Active Directory vs SqlServer which way to go?"
- In reply to: Patrick.O.Ige: "Active Directory vs SqlServer which way to go?"
- Next in thread: Patrick.O.Ige: "Re: Active Directory vs SqlServer which way to go?"
- Reply: Patrick.O.Ige: "Re: Active Directory vs SqlServer which way to go?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Nov 2005 09:55:12 -0600
If the data is already in AD, what benefit could you get from trying to copy
it into SQL server? That just sounds like a sync nightmare.
It seems relatively straightforward to show and hide menu items based on
calls to IsInRole and just use Windows authentication.
I would probably add some sort of mapping layer so you have some indirection
between the actual groups used to give you some configurability at runtime.
AzMan is a good framework for this, but you can put something lighter weight
together if you don't want to deal with it.
Joe K.
"Patrick.O.Ige" <patrickige@optusnet.com.au> wrote in message
news:OgxH$IS4FHA.3036@TK2MSFTNGP15.phx.gbl...
> If i want to generate a menu structure depending on who is logged in
> in an intranet system(using windows authentication) is it better to use
> the
> GROUPS in Active Directory
> or to move the Active Directory groups into a Sql Server database and base
> the authrorization and authentication on the SQL Server roles/groups?
> Whats the best way to make use of the GROUPS in active directory to
> authorize
> users apart from using web.config where you have to set it configuratively
> like below(but i don't want this)
> <authorization>
> <allow roles="DOMAIN\HRUsers" />
> <deny users="*" />
> </authorization>
> This works if i want to deny users who are not part of the GROUP
> "HRUSERS"(Which just denies the URL .aspx page)
> Is it possible to store/collect all the Active Directory groups and use it
> in code to validate against USERS?
> (Apart from storing it in SQL server?)
>
> or
> programmatically by doing :-
> If Not (User.IsInRole("HR")) And Not (User.IsInRole("Managers")) Then
> ' Display the Button
> Else
> ' Don't display it!
> End If
> The badside to these methods is that if you are calling a method several
> times from different applications, you will need to repeat the logic all
> the time. How can i do it declaratively using Active Directory.
> I know if i use a database with stored procedures that would be a benefit.
> Any thoughts?
>
>
- Next message: Jan Peter Stotz: "Re: Active Directory vs SqlServer which way to go?"
- Previous message: Jan Peter Stotz: "Re: Active Directory vs SqlServer which way to go?"
- In reply to: Patrick.O.Ige: "Active Directory vs SqlServer which way to go?"
- Next in thread: Patrick.O.Ige: "Re: Active Directory vs SqlServer which way to go?"
- Reply: Patrick.O.Ige: "Re: Active Directory vs SqlServer which way to go?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
