Re: Defining Groups with AD users

Great :) Thank you very much. I tried it and all is going well. Just one
thing, I notice that when I use the builtin ASP.NET administration site, I
cannot see the members ( due to using windows authentication) which is
understandable. Is there a way to "subscribe" to a particular domain such
that I could see a list of domain users within AD and add them to their
roles without having to make my own page to do this programmatically?

Regards
Geoff

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uwMxPf4FIHA.5204@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi GeoffreyD,

For ASP.NET authentication and role based authorization, you can adopt the
Membership and RoleManager providers. Also, these two providers are
separate so that you can configure each of them to use different provider
respectively. For example, you can configure the membership to use AD
membership provider and Rolemanager to use SQL server provider. Thus, you
can make your client user be authenticated against AD database and after
they have login, their role is retrieved from SQL Server database(via the
role manager provider).

Here is a good article demonstrate using windows authentication(not AD
membership provider since membership is mainly used for forms
authentication) and SQL role manager provider. Howerver, the idea is the
same:

#Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
Authentication and SQL Server
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Bas
ed-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.asp
x

And there are some other good reference about ASP.NET 2.0 Membershp & Role
provider:

#How To: Use Membership in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998347.aspx

#ASP.NET 2.0 Security, Membership and Roles Tutorials
http://weblogs.asp.net/scottgu/archive/2006/06/19/ASP.NET-2.0-Security_2C00_
-Membership-and-Roles-Tutorials.aspx

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.










--------------------
From: "GeoffreyD" <GeoffreyD@xxxxxxxxxxxxxxxx>
References: <OFHApa0FIHA.4808@xxxxxxxxxxxxxxxxxxxx>
<1193345303.827269.191480@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Defining Groups with AD users
Date: Thu, 25 Oct 2007 22:56:40 +0200

Hey, thanks for the reply but I am doing something similar currently. I
need
a more streamlined and generalised solution due to the number of users
that
need to use the site. More importantly, users from different groups are
permitted to visit the same page (e.g. the data will be editable for some
but read-only to others) so I need to be able to check group permissions
on
a task basis as a opposed to page access basis.

"Alexey Smirnov" <alexey.smirnov@xxxxxxxxx> wrote in message
news:1193345303.827269.191480@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Oct 25, 10:35 pm, "GeoffreyD" <Geoffr...@xxxxxxxxxxxxxxxx> wrote:
Hi

I am working on an internal ap.net site and am wanting to assign
permissions
to users using their AD account to authenticate against, but am not
wanting
to setup the actual groups within AD. At the moment is it seems that my
only
answers are ADAM and AzMan. does anyone have any suggestions as to what
I
could use from a pure programmatic perspective?

Thanks

for a page based permissions you can use the web.config file

<authorization>
<allow users="user1,user2"/>







.

Relevant Pages

  • RE: Forms Authentication vs MembershipProvider
    ... First, I'm glad that you've got custom membership provider working, great ... For Forms authentication and membershp service, ... authenticaiton) which is used to provide security authorization (protect ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Defining Groups with AD users
    ... For ASP.NET authentication and role based authorization, ... you can configure the membership to use AD ... membership provider and Rolemanager to use SQL server provider. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Different password policies for different roles
    ... As you have found, by default, each ASP.NET membership provider has a set ... password related policy to the loosest level. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How do you acces ASP.NET WAT on a Web server that doesnt have
    ... "Authentication and access control" ... The second option it to create your own management interface as following ... The third option is to manage in non-ASP.NET context using MemberShip ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SQL Membership Provider Problem
    ... Roles provider. ... it seems he has registered a new membership ... ASP.NET 2.0 membership &role manager service, they use separate provider, ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)