Defining Groups with AD users

G

GeoffreyD

Hi

I am working on an internal ap.net site and am wanting to assign permissions
to users using their AD account to authenticate against, but am not wanting
to setup the actual groups within AD. At the moment is it seems that my only
answers are ADAM and AzMan. does anyone have any suggestions as to what I
could use from a pure programmatic perspective?

Thanks
 
G

Guest

Hi

I am working on an internal ap.net site and am wanting to assign permissions
to users using their AD account to authenticate against, but am not wanting
to setup the actual groups within AD. At the moment is it seems that my only
answers are ADAM and AzMan. does anyone have any suggestions as to what I
could use from a pure programmatic perspective?

Thanks

for a page based permissions you can use the web.config file

<authorization>
<allow users="user1,user2"/>
 
G

GeoffreyD

Hey, thanks for the reply but I am doing something similar currently. I need
a more streamlined and generalised solution due to the number of users that
need to use the site. More importantly, users from different groups are
permitted to visit the same page (e.g. the data will be editable for some
but read-only to others) so I need to be able to check group permissions on
a task basis as a opposed to page access basis.
 
S

Steven Cheng[MSFT]

Hi GeoffreyD,

For ASP.NET authentication and role based authorization, you can adopt the
Membership and RoleManager providers. Also, these two providers are
separate so that you can configure each of them to use different provider
respectively. For example, you can configure the membership to use AD
membership provider and Rolemanager to use SQL server provider. Thus, you
can make your client user be authenticated against AD database and after
they have login, their role is retrieved from SQL Server database(via the
role manager provider).

Here is a good article demonstrate using windows authentication(not AD
membership provider since membership is mainly used for forms
authentication) and SQL role manager provider. Howerver, the idea is the
same:

#Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
Authentication and SQL Server
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Bas
ed-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.asp
x

And there are some other good reference about ASP.NET 2.0 Membershp & Role
provider:

#How To: Use Membership in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998347.aspx

#ASP.NET 2.0 Security, Membership and Roles Tutorials
http://weblogs.asp.net/scottgu/archive/2006/06/19/ASP.NET-2.0-Security_2C00_
-Membership-and-Roles-Tutorials.aspx

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.










--------------------
From: "GeoffreyD" <[email protected]>
References: <[email protected]>
 
G

GeoffreyD

Great :) Thank you very much. I tried it and all is going well. Just one
thing, I notice that when I use the builtin ASP.NET administration site, I
cannot see the members ( due to using windows authentication) which is
understandable. Is there a way to "subscribe" to a particular domain such
that I could see a list of domain users within AD and add them to their
roles without having to make my own page to do this programmatically?

Regards
Geoff
 
S

Steven Cheng[MSFT]

Thanks for your reply Geoff,

For the new question you mentioned. I'm afraid we seems have no luck here.
So far ASP.NET membership or role service doesn't provide built-in UI for
us to assocate custom roles and windows authenticated users. I think the
reasonable approach here would be create a simple page which use ADSI to
query all the users and use RoleManager API to assocate roles. Though it
will add some work, however, I'm sure it would still be convenient since
ASP.NET databinding(such as GridView) and the existing Role API has saved
us much time.

If there is anything else we can help, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "GeoffreyD" <[email protected]>
Subject: Re: Defining Groups with AD users
Date: Mon, 29 Oct 2007 20:26:05 +0200
 
S

Steven Cheng[MSFT]

Thanks for your reply Geoff,

For the new question you mentioned. I'm afraid we seems have no luck here.
So far ASP.NET membership or role service doesn't provide built-in UI for
us to assocate custom roles and windows authenticated users. I think the
reasonable approach here would be create a simple page which use ADSI to
query all the users and use RoleManager API to assocate roles. Though it
will add some work, however, I'm sure it would still be convenient since
ASP.NET databinding(such as GridView) and the existing Role API has saved
us much time.

If there is anything else we can help, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "GeoffreyD" <[email protected]>
Subject: Re: Defining Groups with AD users
Date: Mon, 29 Oct 2007 20:26:05 +0200
 
S

Steven Cheng[MSFT]

Hi Geoff,

Any further questions on this? If so, please don't hesitate to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
G

GeoffreyD

Thanks, but this issue is now resolved :)

Steven Cheng said:
Hi Geoff,

Any further questions on this? If so, please don't hesitate to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
From: (e-mail address removed) (Steven Cheng[MSFT])
Organization: Microsoft
Date: Tue, 30 Oct 2007 03:21:00 GMT
Subject: Re: Defining Groups with AD users

Thanks for your reply Geoff,

For the new question you mentioned. I'm afraid we seems have no luck here.
So far ASP.NET membership or role service doesn't provide built-in UI for
us to assocate custom roles and windows authenticated users. I think the
reasonable approach here would be create a simple page which use ADSI to
query all the users and use RoleManager API to assocate roles. Though it
will add some work, however, I'm sure it would still be convenient since
ASP.NET databinding(such as GridView) and the existing Role API has saved
us much time.

If there is anything else we can help, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no
rights.

--
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,902
Latest member
Elena68X5

Latest Threads

Top