how is this normally done?

[Guest]

hey all,

i have a web form that i want to authenticat with Active Directory. i can do
that part but how do you authorize the user to different roles in my
application. do i have it first authenticate to AD then goto to a database to
retrieve authorization rules?

thanks,
ari

 

[Jon]

You can place them in security groups in AD and the in your webconfig or app
check the role.

 

[Guest]

so, like if i had an issue tracking application and i have 2 types of users.
1 would be users who view issues for status only and 1 would be users who can
update the issues; in Active Directory i would have 2 security groups?

1 would be regular view only and the other administrator account?

P.S. And this would be the same for each new application just add security
groups to Active Directory?

thanks,
ari

 

[Jon]

Yeah thats how you could do it. Of course I wouldn't use the built in admin
group. I'd create an additional admin security group for your app's users

If you are authenticating users using AD you might as well use security
groups to define your roles.

Jon

 

[Guest]

but let's say in my application i need a comma-separated string of all the
departments that this user has rights to. how would i handle that or is that
not a good design approach?

ari.