Re: newbie help - Active Directory Membership Provider



Basically, I was just trying to say that there is no role provider that
comes with ASP.NET that works with AD groups by default except for the
WindowsTokenRoleProvider, but that provider requires that you use
Windows/IIS for authentication instead of forms auth.

My co-author has an experimental LDAP-based role provider at codeplex (ADRP)
that works with the AD membership provider.

If you don't need the AD group for authorization, then you can use whatever
role provider you want.

I hope that clarifies what I was trying to say. :)

You can just use Basic authentication for the remote users combined with
SSL. There is no real need to use forms auth here. If you want to use
forms auth you can, but then you don't get the Windows token.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"SpaceMarine" <spacemarine@xxxxxxxxxxxxxx> wrote in message
news:69358672-75af-4a58-9c9e-7e35b3efd3bb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> On May 20, 9:27 pm, "Joe Kaplan"
> <joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> Note that if you use the AD membership provider, there is no matching role
>> provider that works with that.
>
> i'm not sure i understand -- it sounds like you're saying that if i
> decide to use AD forms-based authentication, that i would be unable to
> use *any* role provider? that can't be right. isn't the entire purpose
> of abstract providers that it doesn't matter *which* provider is being
> implemented? i'm expecting to be able to use the AD membership
> provider, and a SQL role provider. (this makes sense, because while
> the user-base is shared w/i an org, the roles are tailored & varied to
> each particular application)
>
>> Thus if you want to use the Windows token to
>> do validation, you must use an authentication mechanism that gets you a
>> Windows token. The AD membership provider is a forms auth implementation
>> and doesn't get a Windows token.
>
> i'm not sure yet which we will be using. if our app were for 100%
> desktop users it would be simple. but i have to consider our VPN users
> from remote, shared workstations -- those users may force a forms-
> based authentication. if so, it would 100% have to authenticate
> against an AD source since our org is very large and uses AD; i can't
> be recreating every user in an app-specific database. roles yes, users
> no.
>
> this doesn't sound problematic does it?
>
>
> thanks,
> sm
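
The combination discussed in this thread (forms authentication validated against AD, with application-specific roles kept in SQL) is sketched below as an added example; it is a constructed web.config fragment, not taken from either poster. The host names, connection string names, provider names, the `AppAdmins` role and the `Admin` path are hypothetical, and the `Version=2.0.0.0` assembly reference assumes ASP.NET 2.0.

```xml
<configuration>
  <connectionStrings>
    <!-- Hypothetical directory and database locations -->
    <add name="ADConn" connectionString="LDAP://dc.example.com/DC=example,DC=com" />
    <add name="RolesDb" connectionString="Data Source=sqlhost.example.com;Initial Catalog=AppRoles;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <!-- Forms auth: credentials are checked against AD, but no Windows token is produced -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true" />
    </authentication>
    <membership defaultProvider="AdMembership">
      <providers>
        <!-- No connectionUsername/connectionPassword: the bind uses the process identity -->
        <add name="AdMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConn"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
    <!-- Roles are app-specific rows in SQL keyed by user name; AD groups are never consulted -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <add name="SqlRoles"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="RolesDb"
             applicationName="/MyApp" />
      </providers>
    </roleManager>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- Role check resolved by the SQL role provider, not by AD group membership -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="AppAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The SQL role provider matches on the user name string that the membership provider hands to forms authentication, so role assignments must be stored under the same name form (here `sAMAccountName`; the AD membership provider's default mapping is `userPrincipalName`).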

