Re: Active Directory vs SqlServer which way to go?

From: Patrick.O.Ige (patrickige_at_optusnet.com.au)
Date: 11/04/05

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Active Directory vs SqlServer which way to go?" 
    Date: Sat, 5 Nov 2005 09:55:37 +1100

    Thx Joe for the response.
    Joe i know its like re inventing the wheel.
    But it has been a debate with some other developers and i have been trying
    to explain this.
    They just feel hardcoding the group using IsinRole to perform Authorisation
    is not good enough but the funniest thing
    is that even if you use SQL server you would have to right stored procedures
    and at the same time mainatain the sync with AD Groups.
    Actually i have come across AzMan and i will get more into it.
    Thx guys..
    If there is more resources out there please do forward them.
    And thanks Jan for the snippet info but it would be nice if you could blog
    that
    or post more tutorials to help give others

    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
    in message news:O#cWjgV4FHA.2872@TK2MSFTNGP15.phx.gbl...
    > If the data is already in AD, what benefit could you get from trying to
    copy
    > it into SQL server? That just sounds like a sync nightmare.
    >
    > It seems relatively straightforward to show and hide menu items based on
    > calls to IsInRole and just use Windows authentication.
    >
    > I would probably add some sort of mapping layer so you have some
    indirection
    > between the actual groups used to give you some configurability at
    runtime.
    > AzMan is a good framework for this, but you can put something lighter
    weight
    > together if you don't want to deal with it.
    >
    > Joe K.
    >
    > "Patrick.O.Ige" <patrickige@optusnet.com.au> wrote in message
    > news:OgxH$IS4FHA.3036@TK2MSFTNGP15.phx.gbl...
    > > If i want to generate a menu structure depending on who is logged in
    > > in an intranet system(using windows authentication) is it better to use
    > > the
    > > GROUPS in Active Directory
    > > or to move the Active Directory groups into a Sql Server database and
    base
    > > the authrorization and authentication on the SQL Server roles/groups?
    > > Whats the best way to make use of the GROUPS in active directory to
    > > authorize
    > > users apart from using web.config where you have to set it
    configuratively
    > > like below(but i don't want this)
    > > <authorization>
    > > <allow roles="DOMAIN\HRUsers" />
    > > <deny users="*" />
    > > </authorization>
    > > This works if i want to deny users who are not part of the GROUP
    > > "HRUSERS"(Which just denies the URL .aspx page)
    > > Is it possible to store/collect all the Active Directory groups and use
    it
    > > in code to validate against USERS?
    > > (Apart from storing it in SQL server?)
    > >
    > > or
    > > programmatically by doing :-
    > > If Not (User.IsInRole("HR")) And Not (User.IsInRole("Managers")) Then
    > > ' Display the Button
    > > Else
    > > ' Don't display it!
    > > End If
    > > The badside to these methods is that if you are calling a method several
    > > times from different applications, you will need to repeat the logic
    all
    > > the time. How can i do it declaratively using Active Directory.
    > > I know if i use a database with stored procedures that would be a
    benefit.
    > > Any thoughts?
    > >
    > >
    >
    >

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Active Directory vs SqlServer which way to go?"