Using AD and a Table for Membership and Roles

[jim.stanley]

Hello all,

While I'm fairly familiar with C# and .NET Windows Forms, I'm being
asked to retrofit/enlarge an existing intranet app with
ActiveDirectory-based user security - where I'm an admitted newbie.
In a nutshell, we want to:

Use group membership in Active Directory to define basic roles for
users (so when our network folks add a user to the system and put them
in groups, they automatically get the appropriate access to the
intranet app).

Each role will contain granular permissions - we want to store these
in a SQL Server table. Using this, we can vary each role's privileges
so that our development platform would enable me as a developer to
access everything, where on production, my privileges would be more
limited.

My research has led me to the different RoleProvider objects in
System.Web.Security. I'm a little confused as to how to both enable
the Active Directory roles (where I would be using an
AuthorizationStoreRoleProvider with an LDAP/AD connection string) and
use the SQL server table for the more granular permissions.

This looks like great stuff, and I'm anxious to get started (as is my
boss <g>).

Any advice, directions, links appreciated.

Thanks

Jim Stanley
NTI

 

[Joe Kaplan]

If you are going to use the AuthorizationStoreRoleProvider, you are looking
at using AzMan for the granular permissions, not SQL. However, that might
be fine. AzMan is a very powerful model for doing application-level
authorization and whether or not you store the AzMan policy in SQL (which
you can't they way it works now) may not be as important as gaining the
functionality you are looking for.

I'd suggest buying Dominick's book:

http://www.microsoft.com/mspress/books/9989.aspx

Joe K.