Hi Mr. N,
It's not clear from your post whether or not it is a requirement that your
users are in fact, Active Directory user accounts, or whether, perhaps, they
could be some other form of "user."
That is, if the requirement is that they are Active Directory users, and you
have access to Active Directory via System.DirectoryServices and LDAP (read
only at least), you can create a separate database with an entry for each
user. Then you can mange the permissions that each user has via this
database, which would be entirely separate from Active Directory, other then
the user account name being in Active Directory, and the web requiring an
Active Directory login to access (disallow anonymous access, in other
words). If this is the case, all Active Directory user accounts would have
to have permission to log in to the web site (so that your ASP.Net app could
authenticate them via your database), and your app would handle allowing
access to different resources, or even all resources.
If, on the other hand, you can neither grant all domain users access to the
web, or you can't get read access to the Active Directory, you could allow
anonymous access, employ a web login (via a web page), and use a database to
manage the permissions in much the same way as described above.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
You can lead a fish to a bicycle,
but you can't make it stink.