Re: Using Windows Authentication in ASP.NET - Adding properties to users

From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 27 Feb 2007 23:28:53 -0600

Typically, you would implement some role-based security in your application.
There are a variety of ways to do this depending on how fancy you need to
be, but the basic thing to do is to call User.IsInRole and have your
authorization logic decide what to do.

When you use Windows auth, the WindowsPrincipal created that implements the
IPrincipal interface will have roles populated by the user's Windows group
membership, so you generally add users to groups in order to put them in
roles.

If you need more abstraction or mapping, you might want to look at a more
powerful framework like AzMan.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Matt Adamson" <Adamson_Matthew@xxxxxxxxxxx> wrote in message
news:%23Z0l%23ybWHHA.388@xxxxxxxxxxxxxxxxxxxxxxx

Guys,

I'm unsure how to use windows authentication in an intranet application.
I'd like to user existing windows account to identify users however the
issue I have is how to then add settings to those users and map them to
roles.

If I'd like to restrict the windows users which log on and what tasks they
can perform in the application how should I do this? Presumably I'd need
one user to log in initially and perform admin type tasks e.g. assign
windows users permissions to use the application, how should I do this?
How do I create the first user who can log in?

Best Regards

Matt

References:
- Using Windows Authentication in ASP.NET - Adding properties to users
  - From: Matt Adamson

Prev by Date: Re: Assigning roles to a smart card authenticated user
Next by Date: Re: Integrated Windows Authentication Timeout?
Previous by thread: Using Windows Authentication in ASP.NET - Adding properties to users
Next by thread: Re: ActiveDirectoryMembershipProvider & ValidateUser
Index(es):
- Date
- Thread

Relevant Pages

Re: Error setting DirecotrySearchers new ExtendedDN
... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server ... error when my code reaches "using (SearchResultCollection results = ...
(microsoft.public.platformsdk.security)
Re: Single sign-on between web & desktop
... Can you use integrated windows authentication for this? ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The desktop app is ...
(microsoft.public.dotnet.security)
Re: Can groups be entered in the authorization tab?
... using the name that Windows uses to do the match, so you don't get a valid ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... intra net site internally. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Light directory service and ADAM
... ADAM is not a store for Windows accounts. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.windows.server.active_directory)
Re: determine trusted domain with windows authentication
... I thought it was created using tokens but the domain name is still ... The domain name in the user name is formed by Windows authentication based ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.dotnet.framework.aspnet.security)