I'm wanting to have a few different types of Rights/Roles that a user can be assigned. Since I'm using LDAP for authentication, I have a table set up on an SQL server that has my Rights Groups set up. I want to only show certain content on the site to individuals based on their rights.

What would be the easiest way to do this?

All 7 Replies

Ok, so if you have Windows Authentication enabled and Anonymous disabled on the web server, in your asp.net web application, you could add this line to your <system.web> section:

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />

Then on your asp.net pages (code behind), just test for the group membership. For example...

If Roles.IsUserInRole(User.Identity.Name, "Administrators") Then
...
...
End If

Would this work in my situation since I'm not pulling roles from ActiveDirectory?

Active Directory is not required for this configuration. When you enable Windows authentication in IIS you will be able to access the user's token userid/group info.

When you enable the AspNetWindowsTokenRoleProvider in your application, you can get access to the group information that IIS picks up during the session.

You can either store the group names in a DB or compare them as I showed above.

The downside of course is that if you change the name of the group, you need to update your DB or code, wherever you store the group name.

This technique is not using the object's SID or GUID from AD.

Jorge, thanks for the quick replies. I've been doing some reading based on what you sent me. I don't fully understand how I'm going to implement this but I guess I'm going to have to do some more reading. Hopefully the MSDN will be helpful.

Give it a shot, and reply back as you have additional questions.

I was looking into the Allow and Deny via the Web.Config file(s). How would I leverage that to my advantage or would what you suggested work better?

You could use that option. It's up to you. I have traditionally not gone with that route. In a recent project where I used this provider, I needed to control exactly what was shown on a page based (show/hide panels) on group membership, or maybe not show the page and redirect the user. A user being a member of more than one group, the web.config allow/deny was not going to work for me.
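
The show/hide-panels approach from the replies above, written out as an added example that is not part of the original thread or any poster's code. The page name Reports.aspx, the panels pnlAdmin and pnlEditor (declared in the page markup), the CONTOSO group names and the AccessDenied.aspx page are all assumptions, and the rights-to-group mapping is hard-coded where the asker's SQL rights table would be read.

```vb
' Added example: code-behind for a hypothetical Reports.aspx whose markup
' declares two asp:Panel controls, pnlAdmin and pnlEditor (assumed names).
Imports System
Imports System.Collections.Generic
Imports System.Web.Security

Partial Public Class Reports
    Inherits System.Web.UI.Page

    ' Constructed mapping of application rights to Windows groups. In the
    ' asker's setup these rows would be loaded from the SQL rights table.
    Private Shared ReadOnly RightToGroup As New Dictionary(Of String, String) From {
        {"Admin", "CONTOSO\SiteAdmins"},
        {"Editor", "CONTOSO\SiteEditors"}
    }

    Private Function HasRight(ByVal rightName As String) As Boolean
        Dim groupName As String = Nothing
        ' A right with no mapped group is denied rather than allowed.
        If Not RightToGroup.TryGetValue(rightName, groupName) Then Return False
        ' The Windows token provider answers only for the user making this
        ' request, and expects group names in DOMAIN\group form.
        Return Roles.IsUserInRole(User.Identity.Name, groupName)
    End Function

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Dim isAdmin As Boolean = HasRight("Admin")
        Dim isEditor As Boolean = HasRight("Editor")

        ' A user with none of the rights does not get the page at all.
        If Not (isAdmin OrElse isEditor) Then
            Response.Redirect("~/AccessDenied.aspx", True)
        End If

        ' A panel with Visible = False is not rendered, so its markup never
        ' reaches the browser. A user in both groups sees both panels.
        pnlAdmin.Visible = isAdmin
        pnlEditor.Visible = isEditor OrElse isAdmin
    End Sub
End Class
```

Event handlers for controls inside a restricted panel should call HasRight again before acting, since hiding the panel only controls what is rendered.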
