ASP.NET 2.0 Membership and AD

Discussion in 'ASP .Net' started by Roel Korsten, Dec 21, 2005.

  1. Roel Korsten

    Roel Korsten Guest

    Hello,

    We're about to develop an ASP.NET 2.0 application. We're investigating all
    the new stuff in ASP.NET 2.0 and how to use it.

    There are 2 important specs for the app:

    1. App has to have its own membership (login-page and so on) but when the
    app is running in an Active Directory (AD) environment, the users should
    login automatically (single sign-on) based on their Windows account
    credentials. We want to use the membership controls of VS2005 but are they
    flexible enough if the app is running in an AD environment?

    2. Different users have different roles (multiple roles per user). Per rol
    there are different functions for different controls (textboxes read-only,
    gridviews that allow editing but not allow users to add records, checkboxes
    invisible, and so on). When half of all possible controls on one page are
    invisible in one role, the other controls need to be rendered on other
    locations on the page ('blank spaces' not allowed). So the pages have to be
    as generic as possible.

    Is there a 'best way' to build such an application that meets this specs?

    Any help appreciated.

    Greetings,
    Roel Korsten
    Roel Korsten, Dec 21, 2005
    #1
    1. Advertising

  2. Roel Korsten

    Brock Allen Guest

    > 1. App has to have its own membership (login-page and so on) but when
    > the app is running in an Active Directory (AD) environment, the users
    > should login automatically (single sign-on) based on their Windows
    > account credentials. We want to use the membership controls of VS2005
    > but are they flexible enough if the app is running in an AD
    > environment?


    Yes this can be done. Probabaly the simplest way is to setup 2 different
    apps in IIS. One that has anonymous auth and the other that does windows
    auth. The one that is configured for anon in IIS should be the main application
    and use Forms auth in ASP.NET. Your non-AD users just go to this app and
    login normally. Your windows users, OTOH, go to the second app. When they
    go to the second app they'll be required to auth with windows credentials
    and then once they're authenticated, you can have code that sees they're
    authenticated and then manually creates a FormsAuthenticationTicket and issues
    a forms auth cookie and then redirects them to the first app in IIS. When
    the redirect comes in, the first app will simply see them logged in as the
    windows user but with forms auth. This approach requires <machineKeys> to
    be synched across both apps.

    > 2. Different users have different roles (multiple roles per user). Per
    > rol there are different functions for different controls (textboxes
    > read-only, gridviews that allow editing but not allow users to add
    > records, checkboxes invisible, and so on). When half of all possible
    > controls on one page are invisible in one role, the other controls
    > need to be rendered on other locations on the page ('blank spaces' not
    > allowed). So the pages have to be as generic as possible.


    There is the <asp:LoginView /> control can hide/show areas on the page for
    anon users, logged in users and users based upon roles. For anything more
    fine-grained, use the User.IsInRole API to do checks and set properties in
    code based upon that.

    -Brock
    DevelopMentor
    http://staff.develop.com/balle
    Brock Allen, Dec 21, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    6
    Views:
    730
  2. Karl
    Replies:
    1
    Views:
    650
  3. Paul
    Replies:
    1
    Views:
    306
    sloan
    Nov 29, 2007
  4. Tino Donderwinkel
    Replies:
    2
    Views:
    751
    Tino Donderwinkel
    Jun 18, 2008
  5. Replies:
    7
    Views:
    202
Loading...

Share This Page