Re: newbie help - Active Directory Membership Provider

From: SpaceMarine <spacemarine@xxxxxxxxxxxxxx>
Date: Tue, 20 May 2008 21:27:38 -0700 (PDT)

On May 20, 9:27 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Note that if you use the AD membership provider, there is no matching role
provider that works with that.

im not sure i understand -- it sounds like youre saying that if i
decide to use AD forms-based authentication, that i would be unable to
use *any* role provider? that cant be right. isnt the entire purpose
of abstract providers that it doesnt matter *which* provider is being
implemented? im expecting to be able to use the AD membership
provider, and a SQL role provider. (this makes sense, because while
the user-base is shared w/i an org, the roles are tailored & varied to
each particular application)

Thus if you want to use the Windows token to
do validation, you must use an authentication mechanism that gets you a
Windows token. The AD membership provider is a forms auth implementation
and doesn't get a Windows token.

im not sure yet which we will be using. if our app were for 100%
desktop users it would be simple. but i have to consider our VPN users
from remote, shared workstations -- those users may force a forms-
based authentication. if so, it would 100% have to authenticate
against an AD source since our org is very large and uses AD; i cant
be recreating every user in an app-specific database. roles yes, users
no.

this doesnt sound problematic does it?

thanks,
sm
.

Follow-Ups:
- Re: newbie help - Active Directory Membership Provider
  - From: Joe Kaplan

References:
- newbie help - Active Directory Membership Provider
  - From: SpaceMarine
- Re: newbie help - Active Directory Membership Provider
  - From: SpaceMarine
- Re: newbie help - Active Directory Membership Provider
  - From: Joe Kaplan

Prev by Date: Re: newbie help - Active Directory Membership Provider
Next by Date: Re: newbie help - Active Directory Membership Provider
Previous by thread: Re: newbie help - Active Directory Membership Provider
Next by thread: Re: newbie help - Active Directory Membership Provider
Index(es):
- Date
- Thread

Relevant Pages

Re: newbie help - Active Directory Membership Provider
... WindowsTokenRoleProvider, but that provider requires that you use ... Windows/IIS for authentication instead of forms auth. ... My co-author has an experimental LDAP-based role provider at codeplex ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Web Site Configuration for remote users
... My site uses Accounts, Roles etc and I'd like to rip out my custom ... A proper method to distribute this to my provider (a .net hosting ... Authentication ... Also, on a brand new WS2003 machine, the Config site is there, but ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Defining Groups with AD users
... For ASP.NET authentication and role based authorization, ... you can configure the membership to use AD ... membership provider and Rolemanager to use SQL server provider. ... Microsoft MSDN Online Support Lead ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: ASP.NET 2.0 Authentication pattern
... > - create custom IIdentity for additional user information ... You need to think about authentication as a seperate "silo" of functionality ... The provider architecture handles these ... areas out into its own provider and backing data store. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: [fw-wiz] Radius access from provider to internal MS ISA Server
... > Our network-engineers are planing a vpn. ... > a selected local internet provider. ... > without an additional radiusproxy in our dmz. ... I prefer to keep internal and external authentication realms different, ...
(Firewall-Wizards)