Re: Windows Authentification against a list of users

From: Tom Johnson (
Date: 06/25/03

Date: Wed, 25 Jun 2003 12:47:10 -0400

Hello Joe

An internal reglement demand me to implement Nt security so i need to use
WindowsAuthentification. But a personnel idea is to save roles and groups in
the db instead of calling IT swat ;) to manage NT groups for to users so i
think that's better to store those info. in the db.

i'm building my custom GenericPrincipal in the
WindowsAuthentication_OnAuthenticate or in the
Application_AuthenticateRequest so i can retreive user info in the db but
the only things that i don't know is how to manage my invalid user.. i need
to inform them that they are not allowed in my apps. so i need to redirect
them to an invalid access page but i fall in a loop if i redirect them..
So i transfert them.. but i don't wan't to test against the db on all
request.. but i think that
i've no way to know if it's the first time that i test it.. because de
state is not load at this moment..

an idea?


"Joe Kaplan (MVP - ADSI)" <> a écrit
dans le message de news:OhIGlZgODHA.2312@TK2MSFTNGP12.phx.gbl...
> One thing you might do would be to validate against a group in the domain
> your are authenticating against. Then, you could use the group name under
> the allow tag with the Roles attribute. You would be using the AD or
> as your list of allowed users instead of your database though.
> If you absolutely need to validate against a database, you might consider
> using Forms authentication instead of Windows authentication and creating
> custom roles from your database. Another thing you might do would be to
> build a new GenericPrincipal object in the AuthenticateRequest event that
> contains role information from your database and then validate against
> roles in the web.config. That would allow you to combine Windows
> authentication with a custom database-based authorization scheme.
> There are lots of options. I hope this gives you some ideas.
> Joe K.
> "tom johnson" <> wrote in message
> news:eHlXojeODHA.2228@tk2msftngp13.phx.gbl...
> > Hello all,
> >
> > i'm sure i'm not the only one that what to do that.
> > I want to use windows authentification for validate the
> > user password but i wan't to check if the user is a valid
> > user in my database.
> >
> > so i have this piece of code in my web.config
> > <authentication mode="Windows" />
> > <authorization>
> > <deny users="?" />
> > <allow users="*" />
> > </authorization>
> >
> > but for the validation against the db... i just don't know.
> >
> > can somebody give me a hint for the validation in db.
> > Just the where and how.... (for validation.. not for
> > access to db)
> >
> > I know that the list of users can be store in web.config
> > but i need a dynamic list of user so I store it in the db
> >
> > thanks... and have a nice day
> >
> >