ASP.NET 2.0 Membership and AD

Roel Korsten

Hello,

We're about to develop an ASP.NET 2.0 application. We're investigating all
the new stuff in ASP.NET 2.0 and how to use it.

There are 2 important specs for the app:

1. App has to have its own membership (login-page and so on) but when the
app is running in an Active Directory (AD) environment, the users should
login automatically (single sign-on) based on their Windows account
credentials. We want to use the membership controls of VS2005 but are they
flexible enough if the app is running in an AD environment?

2. Different users have different roles (multiple roles per user). Per role
there are different functions for different controls (textboxes read-only,
gridviews that allow editing but not allow users to add records, checkboxes
invisible, and so on). When half of all possible controls on one page are
invisible in one role, the other controls need to be rendered on other
locations on the page ('blank spaces' not allowed). So the pages have to be
as generic as possible.

Is there a 'best way' to build such an application that meets these specs?

Any help appreciated.

Greetings,
Roel Korsten
 
Brock Allen

> 1. App has to have its own membership (login-page and so on) but when
> the app is running in an Active Directory (AD) environment, the users
> should login automatically (single sign-on) based on their Windows
> account credentials. We want to use the membership controls of VS2005
> but are they flexible enough if the app is running in an AD
> environment?

Yes, this can be done. Probably the simplest way is to set up 2 different
apps in IIS. One that has anonymous auth and the other that does windows
auth. The one that is configured for anon in IIS should be the main application
and use Forms auth in ASP.NET. Your non-AD users just go to this app and
login normally. Your windows users, OTOH, go to the second app. When they
go to the second app they'll be required to auth with windows credentials
and then once they're authenticated, you can have code that sees they're
authenticated and then manually creates a FormsAuthenticationTicket and issues
a forms auth cookie and then redirects them to the first app in IIS. When
the redirect comes in, the first app will simply see them logged in as the

> 2. Different users have different roles (multiple roles per user). Per
> role there are different functions for different controls (textboxes
> read-only, gridviews that allow editing but not allow users to add
> records, checkboxes invisible, and so on). When half of all possible
> controls on one page are invisible in one role, the other controls
> need to be rendered on other locations on the page ('blank spaces' not
> allowed). So the pages have to be as generic as possible.

There is the <asp:LoginView /> control, which can hide/show areas on the page for
anon users, logged in users and users based upon roles. For anything more
fine-grained, use the User.IsInRole API to do checks and set properties in
code based upon that.

-Brock
DevelopMentor
http://staff.develop.com/balle
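
The hand-off described in the answer above, sketched as an added example that is not part of the original thread: the code-behind of a single page in the Windows-auth app that turns an authenticated Windows identity into a forms auth cookie and redirects to the main app. The class name `WindowsBridge`, the `MainAppUrl` path, the 30-minute lifetime and the "windows" user-data marker are assumptions, as is hosting both apps on the same host name.

```csharp
// WindowsBridge.aspx.cs -- code-behind for the bridge page in the Windows-auth app.
// Added example; WindowsBridge, MainAppUrl and TicketLifetime are hypothetical names.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public partial class WindowsBridge : Page
{
    // Assumption: fixed landing page of the Forms-auth app on the same host.
    // It is a constant, not a query-string value, so the bridge cannot be
    // abused to send a freshly authenticated user to an arbitrary URL.
    private const string MainAppUrl = "/MainApp/Default.aspx";
    private static readonly TimeSpan TicketLifetime = TimeSpan.FromMinutes(30);

    protected void Page_Load(object sender, EventArgs e)
    {
        // IIS should already refuse anonymous requests for this app, but
        // check again so a misconfiguration never mints a ticket.
        WindowsIdentity id = User.Identity as WindowsIdentity;
        if (id == null || !id.IsAuthenticated || id.IsAnonymous)
        {
            Response.StatusCode = 401;
            Response.End();
            return;
        }

        // Build the ticket by hand, as the answer describes. id.Name is
        // DOMAIN\user; "windows" in userData marks how the user signed in.
        DateTime now = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, id.Name, now, now.Add(TicketLifetime), false, "windows",
            FormsAuthentication.FormsCookiePath);

        // Encrypt and sign the ticket, then issue it as the forms auth cookie.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows <forms requireSSL>

        Response.Cookies.Add(cookie);
        Response.Redirect(MainAppUrl);
    }
}
```

The main app can only decrypt and validate this cookie if both apps use the same explicit `<machineKey>` values and the same `<forms>` name, path and protection settings in web.config. Auto-generated keys isolated per application will cause the main app to reject the ticket and show its login page instead.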
 
