Roles/Groups in ASP.NET 2.0

[Chris]

I'm looking to protect some pages using the Membership provider (ADS)
built into .NET 2.0. In order to protect these pages, whose details are
stored inside a SQL Server table with columns id,name,url,parentid etc.
I need to link them into some roles, or groups.

So only certain groups from our Active Directory can access certain
pages. The problem I'm facing is that ASP.NET 2.0 seems to restrict you
to using its Role provider model only.

This provider is great if you don't already have the groups of users
setup (or users inside certain roles). But I don't want the groups (or
Roles) stored in two places, I want to be able to assign page access to
certain groups from our Active Directory.

This is what I'm reading:
http://msdn2.microsoft.com/en-us/library/5k850zwb.aspx

Will I have to write my own implementation of RoleProvider for this?
Also, is there a provider that already exists for tying together page
access to roles/groups?

Most importantly, I want to be able to specify certain users as having
edit rights, whilst others only have view rights to different pages. I
was hoping to achieve this without writing my own system but
implementing a built-in provider in .NET 2

 

[Chris]

I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

 

[Erik Funkenbusch]

I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.

 

[needin4mation]

It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.

It doesn't seem to be available unless your AD is 2003.

 

[Erik Funkenbusch]

It doesn't seem to be available unless your AD is 2003.

That's true, however you could always use ADAM and syncronize your Win2000
AD with ADAM

 

[Guest]

Actually, you can store AzMan in an XML file (in addition to ADAM and AD.)

Check out:
http://technet2.microsoft.com/WindowsServer/en/Library/72b55950-86cc-4c7f-8fbf-3063276cd0b61033.mspx

 

[Erik Funkenbusch]

Actually, you can store AzMan in an XML file (in addition to ADAM and AD.)

Hmm.. I thought the AD integration dependancy on 2003 level was related to
using AD as your user source, not simply storing it in AD. Or am I wrong
on that?