I've been working on an ASP.NET project. I've successfully implemented LDAP authentication for login and have tested it with multiple users with no issues. LDAP is only controlling my login credentials. Everything else is stored in a SQL db. In that database I have a users table that has a bunch of information about the user. I need to do two things with this table as soon as my LDAP authentication completes.

  • I need to verify the user actually has an account in my users table and, if not, redirect them to a page with information to contact a specific person.
  • If the user exists in the user table then I need to read their security role(s).

With security roles, is it better to have a user assigned to multiple roles to determine what they have access to or create a lot of roles and a user can be associated to only one of them?

1) Are you using Windows or Forms-based authentication?

The way I have done this is to use Page.User to look up the username in the database; since the authentication is already taken care of, you can assume it is valid by the time it hits page code, whether it is present in the database or not. I put this code in the master page, so it ran regardless of the landing page.

2) Personally, I design security around the role, and assign a user whichever roles they require. This has the benefit of being able to easily reassign roles to different users as they change or move around, without having to write new roles based on each individual's job description.
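The following is an added example of the approach the answer describes (master-page lookup of Page.User, redirect when no row exists, then load roles from SQL); it is not the answerer's code. The table names `dbo.Users` / `dbo.UserRoles`, their columns, the connection-string name `AppDb` and the page `~/NoAccount.aspx` are all assumptions; adjust them to the real schema.

```csharp
// Added example, not from the original answer. Assumed schema:
//   dbo.Users(UserName nvarchar, IsActive bit)
//   dbo.UserRoles(UserName nvarchar, RoleName nvarchar)
// Assumed connection string name "AppDb" and contact page "~/NoAccount.aspx".
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

public partial class SiteMaster : MasterPage
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Authentication (LDAP/Windows/Forms) has already run by the time page code executes,
        // so Page.User.Identity.Name is trustworthy here; we only decide what it may do.
        if (!Page.User.Identity.IsAuthenticated)
            return;

        string userName = Page.User.Identity.Name;
        IList<string> roles = LoadRoles(userName);

        if (roles == null)
        {
            // Known to the directory but not to this application: send them to the contact
            // page. The guard prevents a redirect loop if that page also uses this master.
            if (!Request.Path.EndsWith("NoAccount.aspx", StringComparison.OrdinalIgnoreCase))
                Response.Redirect("~/NoAccount.aspx", true);
            return;
        }

        // Swap in a principal carrying the SQL-backed roles so that Page.User.IsInRole(...)
        // reflects the application's roles for the remainder of this request.
        HttpContext.Current.User = new GenericPrincipal(Page.User.Identity, roles.ToArray());
    }

    // Returns null when the user has no row in dbo.Users (or is inactive);
    // otherwise the list of role names, which may be empty.
    private static IList<string> LoadRoles(string userName)
    {
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT u.UserName, r.RoleName " +
            "FROM dbo.Users u " +
            "LEFT JOIN dbo.UserRoles r ON r.UserName = u.UserName " +
            "WHERE u.UserName = @UserName AND u.IsActive = 1;", conn))
        {
            // Always parameterize the name; never concatenate an identity value into SQL.
            cmd.Parameters.AddWithValue("@UserName", userName);
            conn.Open();

            List<string> roles = null;
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                {
                    if (roles == null)
                        roles = new List<string>();      // at least one Users row exists
                    if (!rdr.IsDBNull(1))
                        roles.Add(rdr.GetString(1));     // LEFT JOIN yields NULL when no roles
                }
            }
            return roles;
        }
    }
}
```

Two practical notes. With Windows authentication `Identity.Name` arrives as `DOMAIN\user`, whereas a Forms ticket carries whatever name you stored at login, so make sure the value in `dbo.Users.UserName` is written in the same form, or normalize before the lookup. Also, a master page's `Page_Load` runs after the `<authorization>` section has already been evaluated for the request; if you want `roles="..."` entries in web.config to see the SQL-backed roles, move the `LoadRoles` call into `Application_PostAuthenticateRequest` in Global.asax and set `HttpContext.Current.User` there instead.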