Custom Roles w/ Windows Authentication?

Discussion in 'ASP .Net Security' started by Steve Kallal, Jan 5, 2005.

  1. Steve Kallal

    Steve Kallal Guest

    I have a need to define roles at the web application level, but still use
    Windows Authentication. I want the application to authenticate the user from
    the network login. But I do not want to use Active Directory to define the
    role. Instead I was hoping for a simple mechanism to decide whether a user
    has read only or write permissions. Of course I could use Active Directory to
    maintain the roles, but I want to avoid this. So far I have been able to use
    the <authorization> section of web.config to decide which users can log in.
    The
    User.IsInRole("admin")
    statement looks for the "admin" role on Active Directory. I would like to
    redirect the IsInRole function somewhere else more local to the application
    if possible.

    Can this be done?
     
    Steve Kallal, Jan 5, 2005
    #1

  2. Sure, there are a bunch of possible approaches to this.

    The basic thing to consider is where your custom roles come from. For
    example, do you want to store them in SQL, AD, XML, etc. Also, you need to
    decide if your custom roles will be mapped based just on user identity or
    also based on AD group membership.

    Microsoft provides a very interesting API for doing application level
    role-based security with great AD integration that you should seriously look
    at for this.

    If you go with a custom route, the mechanics of it are that you will replace
    the WindowsPrincipal in the Context.User property with some custom
    IPrincipal class that contains your own roles that are mapped in based on
    the data you get from the WindowsPrincipal that ASP.NET provides you. You
    would hook this in either with an HttpModule or with a global.asax event
    handler.

    I hope this helps.

    Joe K.

    "Steve Kallal" <> wrote in message
    news:...
    >I have a need to define roles at the web application level, but still use
    > Windows Authentication. I want the application to authenticate the user
    > from
    > the network login. But I do not want to use Active Directory to define the
    > role. Instead I was hoping for a simple mechanism to decide whether a user
    > has read only or write permissions. Of course I could use Active Directory
    > to
    > maintain the roles, but I want to avoid this. So far I have been able to
    > use
    > the <authorization> section of web.config to decide which users can log
    > in.
    > The
    > User.IsInRole("admin")
    > statement looks for the "admin" role on Active Directory. I would like to
    > redirect the IsInRole function somewhere else more local to the
    > application
    > if possible.
    >
    > Can this be done?
    >
     
    Joe Kaplan (MVP - ADSI), Jan 5, 2005
    #2
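
The custom route described in the reply above, sketched as an added example (not code from the thread or from Microsoft): an HttpModule keeps the identity that Windows Authentication established and replaces only the source of roles that `User.IsInRole` consults. The module name `LocalRoleModule`, the `RoleMap` table and the `EXAMPLE\...` accounts are assumptions made for illustration, and the code assumes ASP.NET 2.0 or later for `PostAuthenticateRequest`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;
using System.Web;

// Hypothetical module name; register it in web.config under <httpModules>
// (or <system.webServer><modules> for the IIS integrated pipeline).
public sealed class LocalRoleModule : IHttpModule
{
    // Constructed sample mapping: Windows account name -> application roles.
    // A real application would load this from its own store (SQL, XML, ...).
    private static readonly Dictionary<string, string[]> RoleMap =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"EXAMPLE\alice", new[] { "admin", "writer" } },
            { @"EXAMPLE\bob",   new[] { "reader" } },
        };

    public void Init(HttpApplication app)
    {
        // Fires after Windows Authentication has populated Context.User.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        WindowsIdentity id = ctx.User == null ? null : ctx.User.Identity as WindowsIdentity;

        // Leave anonymous or non-Windows requests untouched.
        if (id == null || !id.IsAuthenticated)
            return;

        // Deny by default: an account missing from the map gets no roles.
        string[] roles;
        if (!RoleMap.TryGetValue(id.Name, out roles))
            roles = new string[0];

        // Keep the authenticated WindowsIdentity; swap only the role source.
        IPrincipal principal = new GenericPrincipal(id, roles);
        ctx.User = principal;
        Thread.CurrentPrincipal = principal;
    }

    public void Dispose() { }
}
```

With the module registered, `User.IsInRole("admin")` is answered from the application's own map rather than from Active Directory group membership, while the login itself is still performed by Windows Authentication.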