
ASP.NET 2.0 Membership and AD

Hello,

We're about to develop an ASP.NET 2.0 application. We're investigating all
the new stuff in ASP.NET 2.0 and how to use it.

There are 2 important specs for the app:

1. App has to have its own membership (login-page and so on) but when the
app is running in an Active Directory (AD) environment, the users should
login automatically (single sign-on) based on their Windows account
credentials. We want to use the membership controls of VS2005 but are they
flexible enough if the app is running in an AD environment?

2. Different users have different roles (multiple roles per user). Per role
there are different functions for different controls (textboxes read-only,
gridviews that allow editing but not allow users to add records, checkboxes
invisible, and so on). When half of all possible controls on one page are
invisible in one role, the other controls need to be rendered on other
locations on the page ('blank spaces' not allowed). So the pages have to be
as generic as possible.

Is there a 'best way' to build such an application that meets these specs?

Any help appreciated.

Greetings,
Roel Korsten
Dec 21 '05 #1


> 1. App has to have its own membership (login-page and so on) but when
> the app is running in an Active Directory (AD) environment, the users
> should login automatically (single sign-on) based on their Windows
> account credentials. We want to use the membership controls of VS2005
> but are they flexible enough if the app is running in an AD
> environment?

Yes, this can be done. Probably the simplest way is to set up 2 different
apps in IIS. One that has anonymous auth and the other that does windows
auth. The one that is configured for anon in IIS should be the main application
and use Forms auth in ASP.NET. Your non-AD users just go to this app and
login normally. Your windows users, OTOH, go to the second app. When they
go to the second app they'll be required to auth with windows credentials
and then once they're authenticated, you can have code that sees they're
authenticated and then manually creates a FormsAuthenticationTicket and issues
a forms auth cookie and then redirects them to the first app in IIS. When
the redirect comes in, the first app will simply see them logged in as the
windows user but with forms auth. This approach requires <machineKeys> to
be synched across both apps.

> 2. Different users have different roles (multiple roles per user). Per
> role there are different functions for different controls (textboxes
> read-only, gridviews that allow editing but not allow users to add
> records, checkboxes invisible, and so on). When half of all possible
> controls on one page are invisible in one role, the other controls
> need to be rendered on other locations on the page ('blank spaces' not
> allowed). So the pages have to be as generic as possible.


There is the <asp:LoginView /> control, which can hide/show areas on the page for
anon users, logged in users and users based upon roles. For anything more
fine-grained, use the User.IsInRole API to do checks and set properties in
code based upon that.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Dec 21 '05 #2
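
The hand-off described in the reply above, sketched as an added example that is not part of the original thread or the poster's own code: the Windows-auth app confirms the Windows identity, issues a forms ticket, and redirects to the main app. The page name `Bridge.aspx`, the `/MainApp/Default.aspx` target, the 30-minute lifetime and the `windows-sso` marker are assumptions.

```csharp
// Added example: code-behind for a hypothetical Bridge.aspx in the second
// (Windows auth) IIS app. Not from the original thread.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public partial class Bridge : System.Web.UI.Page
{
    // Assumption: the main (Forms auth) app lives at this path on the same host.
    // A fixed target, rather than a caller-supplied return URL, avoids an open redirect.
    private const string MainAppUrl = "/MainApp/Default.aspx";

    protected void Page_Load(object sender, EventArgs e)
    {
        // IIS has already done the Windows handshake; refuse anything else.
        WindowsIdentity winId = User.Identity as WindowsIdentity;
        if (winId == null || !winId.IsAuthenticated || winId.IsAnonymous)
        {
            Response.StatusCode = 401;
            Response.End();
            return;
        }

        // Short-lived, non-persistent ticket carrying DOMAIN\user as the name.
        DateTime now = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, winId.Name, now, now.AddMinutes(30), false,
            "windows-sso",                       // userData: marks how the user signed in
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket with this app's machine key, so the main app
        // can only decrypt it if both web.config files carry the same explicit
        // <machineKey validationKey="..." decryptionKey="..."> values.
        string encrypted = FormsAuthentication.Encrypt(ticket);

        // The <forms name="..." path="..."> settings must also match in both apps.
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                            // keep it away from script
        cookie.Secure = FormsAuthentication.RequireSSL;    // follows <forms requireSSL>
        Response.Cookies.Add(cookie);

        Response.Redirect(MainAppUrl, true);
    }
}
```

In the main app the user then appears as a forms identity named DOMAIN\user, so any role mapping used with `User.IsInRole` has to be keyed on that name.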
