S
SpaceMarine
hello,
i am working on intranet web apps in an AD windows environment.
authentication is done via Integrated Windows Authentication.
i have several apps and need to devise a solution to allow admin-users
to create & manage user roles (permissions). things like:
App1-Read
App1-Write
App1-Admin
App2-Read
App2-Write
App3-Admin
....etc. in v1.1 i always did this w/ a roll-yer-own user/role manager
on a SQL backend.
in the 2.0+ world, i was wondering what the options are... 3 main
questions:
1) is this what Role Providers are for? i have found one that allows
me to use a SQL database and stores roles in it. im assuming i still
have to create my own UI for it tho?
2) or, is this the sort of thing to place directly into AD? can i
write code-behind to insert/update/delete custom roles such as these
into AD, and assign/remove users from them?
3) is there a way for me to do user-searches against AD? if i write my
own role manager, i need to write code to allow admin-users to specify
*which* AD users they are assigning roles to.
any sort of suggestion would be appreciated.
thanks!
sm
i am working on intranet web apps in an AD windows environment.
authentication is done via Integrated Windows Authentication.
i have several apps and need to devise a solution to allow admin-users
to create & manage user roles (permissions). things like:
App1-Read
App1-Write
App1-Admin
App2-Read
App2-Write
App3-Admin
....etc. in v1.1 i always did this w/ a roll-yer-own user/role manager
on a SQL backend.
in the 2.0+ world, i was wondering what the options are... 3 main
questions:
1) is this what Role Providers are for? i have found one that allows
me to use a SQL database and stores roles in it. im assuming i still
have to create my own UI for it tho?
2) or, is this the sort of thing to place directly into AD? can i
write code-behind to insert/update/delete custom roles such as these
into AD, and assign/remove users from them?
3) is there a way for me to do user-searches against AD? if i write my
own role manager, i need to write code to allow admin-users to specify
*which* AD users they are assigning roles to.
any sort of suggestion would be appreciated.
thanks!
sm