Using Windows Authentication in ASP.NET - Adding properties to users

Matt Adamson

Guys,

I'm unsure how to use Windows authentication in an intranet application. I'd
like to use existing Windows accounts to identify users, however the issue I
have is how to then add settings to those users and map them to roles.

If I'd like to restrict the windows users which log on and what tasks they
can perform in the application how should I do this? Presumably I'd need one
user to log in initially and perform admin type tasks e.g. assign windows
users permissions to use the application, how should I do this? How do I
create the first user who can log in?

Best Regards

Matt
 
Guest

> Guys,
>
> I'm unsure how to use Windows authentication in an intranet application. I'd
> like to use existing Windows accounts to identify users, however the issue I
> have is how to then add settings to those users and map them to roles.
>
> If I'd like to restrict the windows users which log on and what tasks they
> can perform in the application how should I do this? Presumably I'd need one
> user to log in initially and perform admin type tasks e.g. assign windows
> users permissions to use the application, how should I do this? How do I
> create the first user who can log in?
>
> Best Regards
>
> Matt

It depends on where you want to have the user roles.

If you want to have the roles in the intranet application:

Set the authentication mode to "Windows" and use the
User.Identity.Name property to identify your user. In the application
make a database with users/roles and query that database to set the
roles. For example, it can be done in the global.asax within the
AuthenticateRequest:

' Needs Imports System.Security.Principal (for GenericPrincipal)
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)

    If Request.IsAuthenticated = True Then

        Dim roles() As String

        ' ..... code to assign roles() here ........

        Context.User = New GenericPrincipal(Context.User.Identity, roles)

    End If

End Sub

After that you will be able to find if the user has rights or not
using if User.IsInRole("marketing_admin") then....

Something like this.
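
The lookup step that the reply above leaves as a placeholder, as an added example that is not part of the original thread: a console program in which an in-memory table of constructed sample rows stands in for the users/roles database. `GetRolesFor` and `BuildPrincipal` are hypothetical helper names; an account that is not in the table gets no roles.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Module RoleMappingExample
    ' Constructed sample rows standing in for the application's users/roles table.
    ' Windows account names are case-insensitive, so the lookup must be too.
    Private ReadOnly RoleTable As New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase) From {
        {"MICROSOFT\BGATES", New String() {"marketing_admin"}},
        {"MICROSOFT\JDOE", New String() {"marketing_reader"}}
    }

    ' Hypothetical helper: returns the roles for a Windows login, or no roles
    ' at all when the account is not listed (deny by default).
    Function GetRolesFor(ByVal windowsLogin As String) As String()
        Dim roles As String() = Nothing
        If windowsLogin IsNot Nothing AndAlso RoleTable.TryGetValue(windowsLogin.Trim(), roles) Then
            Return roles
        End If
        Return New String() {}
    End Function

    ' Same step as Application_AuthenticateRequest: keep the identity that
    ' Windows authentication established and attach the application's roles.
    Function BuildPrincipal(ByVal identity As IIdentity) As IPrincipal
        If identity Is Nothing OrElse Not identity.IsAuthenticated Then
            Return New GenericPrincipal(New GenericIdentity(""), New String() {})
        End If
        Return New GenericPrincipal(identity, GetRolesFor(identity.Name))
    End Function

    Sub Main()
        ' GenericIdentity stands in here for the WindowsIdentity that IIS supplies.
        For Each login As String In New String() {"microsoft\bgates", "MICROSOFT\JDOE", "MICROSOFT\UNKNOWN"}
            Dim user As IPrincipal = BuildPrincipal(New GenericIdentity(login, "Negotiate"))
            Console.WriteLine("{0}: marketing_admin={1}", login, user.IsInRole("marketing_admin"))
        Next
    End Sub
End Module
```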
 
Matt Adamson

Thanks Alexey

However how would I use the existing user store from the membership API i.e.
there are user tables

1) aspnet_Membership
2) aspnet_Users

Should I create a new User table which contains the Windows log in name e.g.
MICROSOFT\BGATES and then use a record in the membership tables for other
data such as full name / email address etc.?

Let me know your thoughts as I haven't seen any good examples showing a user
system set up with windows authentication

Best Regards

Matt
 
Guest

> Thanks Alexey
>
> However how would I use the existing user store from the membership API i.e.
> there are user tables
>
> 1) aspnet_Membership
> 2) aspnet_Users

No, I suggested to use "Windows authentication", not a "Form
authentication".

> Should I create a new User table which contains the Windows log in name e.g.
> MICROSOFT\BGATES and then use a record in the membership tables for other
> data such as full name / email address etc.?

Yes, my idea was to use tables like AspNetAccessProvider does,
where you can assign MICROSOFT\BGATES to his roles. At the same time,
all information like full name / email address and so on is available
in Active Directory (AD) and this can be a second approach you have to
think of. I said nothing about it in the first post because this way
could be more complex to implement. In this case you can get the
information about group membership and user profile directly from AD.
How to do that - please google for "ASP.NET Active Directory" - I'm
sure you can find many simple examples you can test. In my experience,
it is better to work with AD through a custom COM+ (can be developed
e.g. in VB6) for security reasons. All AD-related functions
could be included in this COM+ and used from ASP.NET. I can give you
more details later on if you decide to go this way...
 
Matt Adamson

I'm confused as AspNetAccessProvider is for Microsoft Access.

I don't actually want to extract any information from Active Directory, I
just wanted to use the Windows log in name and associate this with user
details held within the application. I presume I could have done this using
a combination of the records in aspnet_Membership and aspnet_Users with another
user table.
 
Matt Adamson

Thanks, how would you give the first ever user though who could be an
administrator and log in to assign new roles to existing Windows users? This
bit is unclear to me.
 
