I've been working on an ASP.NET project. I've successfully implemented LDAP authentication for login and have tested it with multiple users with no issues. LDAP is only controlling my login credential. Everything else is stored in a SQL db. In that database I have a users table that has a bunch of information about the user. I need to do two items with this table as soon as my LDAP authentication completes.
- I need to verify the user actually has an account in my users table and, if not, redirect them to a page with information to contact a specific person.
- If the user exists in the user table, then I need to read their security role(s).
With security roles, is it better to have a user assigned to multiple roles to determine what they have access to or create a lot of roles and a user can be associated to only one of them?
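
One way to do the two post-login steps described above, shown as an added example that is not part of the original post. It distinguishes "no row in the users table" from "account with no roles" in a single parameterized query. The table and column names (`Users`, `Roles`, `UserRoles`, `LoginName`, `RoleName`), the class and method names, and the many-to-many layout are assumptions.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Security.Claims;

public static class UserAuthorization
{
    // Assumed schema (not from the post):
    //   Users(UserId, LoginName), Roles(RoleId, RoleName), UserRoles(UserId, RoleId)
    // LEFT JOINs keep a user who has no roles as one row with a NULL RoleName.
    private const string Query = @"
        SELECT r.RoleName
        FROM Users u
        LEFT JOIN UserRoles ur ON ur.UserId = u.UserId
        LEFT JOIN Roles r ON r.RoleId = ur.RoleId
        WHERE u.LoginName = @login;";

    // Call only after the LDAP bind has succeeded.
    // Returns null when the name has no row in Users (caller redirects to the
    // contact page); otherwise the user's roles, which may be an empty list.
    public static List<string> LoadRoles(string connectionString, string ldapLogin)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Query, conn))
        {
            // Parameterized: the login name is never concatenated into the SQL text.
            cmd.Parameters.Add("@login", SqlDbType.NVarChar, 256).Value = ldapLogin;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.HasRows) return null;   // authenticated, but no local account
                var roles = new List<string>();
                while (reader.Read())
                    if (!reader.IsDBNull(0)) roles.Add(reader.GetString(0));
                return roles;
            }
        }
    }

    // Turns the lookup result into role claims for the signed-in principal.
    public static ClaimsIdentity BuildIdentity(string ldapLogin, IEnumerable<string> roles)
    {
        var identity = new ClaimsIdentity("LdapPlusSql"); // constructed authentication type label
        identity.AddClaim(new Claim(ClaimTypes.Name, ldapLogin));
        foreach (var role in roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return identity;
    }
}
```

A `null` result and an empty list are handled differently on purpose: the first is the "contact a specific person" case, the second is a known user who should be denied everything that requires a role.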