Using Windows Authentication in ASP.NET - Adding properties to users

[Matt Adamson]

Guys,

I'm unsure how to use windows authentication in an intranet application. I'd
like to user existing windows account to identify users however the issue I
have is how to then add settings to those users and map them to roles.

If I'd like to restrict the windows users which log on and what tasks they
can perform in the application how should I do this? Presumably I'd need one
user to log in initially and perform admin type tasks e.g. assign windows
users permissions to use the application, how should I do this? How do I
create the first user who can log in?

Best Regards

Matt

 

[Joe Kaplan]

Typically, you would implement some role-based security in your application.
There are a variety of ways to do this depending on how fancy you need to
be, but the basic thing to do is to call User.IsInRole and have your
authorization logic decide what to do.

When you use Windows auth, the WindowsPrincipal created that implements the
IPrincipal interface will have roles populated by the user's Windows group
membership, so you generally add users to groups in order to put them in
roles.

If you need more abstraction or mapping, you might want to look at a more
powerful framework like AzMan.

Joe K.