Windows + Custom Security hybrid??

Discussion in 'ASP .Net Security' started by Chris Cichocki, Sep 20, 2006.

  1. We have an ASP.Net 1.0 application that has a proprietary database with role
    information in it. The site is configured to use Windows authentication,
    then it uses your Windows ID as the key to load your role information and
    store it in a custom object along with some other user attributes. Now I
    need to implement this same functionality in ASP.Net 2.0 with Membership and
    Roles Providers, and extend the Membership User to add the extra attributes
    for the user. I'm not quite sure where to start with this one though...

    One of the keys to the current (as well as new) implementation is that all
    the information is loaded behind the scenes and the user never has to go
    through a sign-in process.

    I need to get the Windows identity because that is going to be the key for
    loading the extended user attributes as well as role list, but I need to use
    "custom" membership and role providers (I think).

    Your suggestions are appreciated!
    Chris Cichocki, Sep 20, 2006
    1. Advertisements

  2. Hello Chris,

    From your description, you have an ASP.NET 1.1 application which use
    windows authentication and does authorization based on the roles of each
    windows user (access control check in application), also each user has some
    application specific data associated with him. Currently, you're going to
    upgrade the application to ASP.NET 2.0 and want to utilize the new
    membership/role provider features to do the same task, correct?

    Based on my understanding, you could reimplement the security mechanism in
    ASP.NET 2.0 through the following approach:

    ** still configured IIS to use intergrated windows and make ASP.NET use
    windows authentication.

    ** and the role based <authorization> setting still remain the same(define
    role based acccess control for individual pages or sub directory...)

    ** change the application to use SqlRoleProvider so that we can store our
    custom roles for windows user(based on windows username) in SqlServer

    here is a good blog article(from scottgu's weblog) which has demonstrate a
    typical sampe application similar to your scenario.

    #Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
    Authentication and SQL Server

    In addition, since you mentioned that you also want to add some additional
    cuatom datas associated with each user, you can consider use the Profile
    service in ASP.NET 2.0 whicn can help store some per-user specific data and
    is also provider based(default provider is sqlserver provider).

    #ASP.NET Profile Properties Overview

    #ASP.NET Profile Properties

    Hope this helps. If you have any further questions on this, please feel
    free to let me know.


    Steven Cheng

    Microsoft MSDN Online Support Lead


    Get notification to my posts through email? Please refer to

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], Sep 21, 2006
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M

    Hybrid Project

    A.M, Jan 25, 2004, in forum: ASP .Net
  2. Patrick Meuser

    Tomcat Hybrid/Viral Harvesting

    Patrick Meuser, Aug 16, 2003, in forum: Java
    Aug 17, 2003
  3. Markus Seibold
    Andy Dingley
    Nov 13, 2003
  4. Susanne Kaufmann

    Using hybrid encryption/decryption

    Susanne Kaufmann, Apr 18, 2007, in forum: Java
  5. Onur Gorur

    Hybrid sql server and windows authentication

    Onur Gorur, Nov 11, 2004, in forum: ASP .Net Security
    Joe Kaplan \(MVP - ADSI\)
    Nov 12, 2004

Share This Page