Roles/Groups in ASP.NET 2.0

Chris

I'm looking to protect some pages using the Membership provider (ADS)
built into .NET 2.0. In order to protect these pages, whose details are
stored inside a SQL Server table with columns id,name,url,parentid etc.
I need to link them into some roles, or groups.

So only certain groups from our Active Directory can access certain
pages. The problem I'm facing is that ASP.NET 2.0 seems to restrict you
to using its Role provider model only.

This provider is great if you don't already have the groups of users
setup (or users inside certain roles). But I don't want the groups (or
Roles) stored in two places, I want to be able to assign page access to
certain groups from our Active Directory.

This is what I'm reading:
http://msdn2.microsoft.com/en-us/library/5k850zwb.aspx

Will I have to write my own implementation of RoleProvider for this?
Also, is there a provider that already exists for tying together page
access to roles/groups?

Most importantly, I want to be able to specify certain users as having
edit rights, whilst others only have view rights to different pages. I
was hoping to achieve this without writing my own system but
implementing a built-in provider in .NET 2

Mar 6 '06 #1

Follow Post Reply

1403

Chris

I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

Mar 6 '06 #2

Erik Funkenbusch

On 6 Mar 2006 02:06:31 -0800, Chris wrote:

I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.

Mar 10 '06 #3

needin4mation

Erik Funkenbusch wrote:

On 6 Mar 2006 02:06:31 -0800, Chris wrote:
I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.

It doesn't seem to be available unless your AD is 2003.

Mar 22 '06 #4

Erik Funkenbusch

On 22 Mar 2006 11:46:40 -0800, ne***********@gmail.com wrote:

Erik Funkenbusch wrote:
On 6 Mar 2006 02:06:31 -0800, Chris wrote:
I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.

It doesn't seem to be available unless your AD is 2003.

That's true, however you could always use ADAM and syncronize your Win2000
AD with ADAM

Mar 22 '06 #5

Dave McPherson [MSFT]

Actually, you can store AzMan in an XML file (in addition to ADAM and AD.)

Check out:
http://technet2.microsoft.com/Window...cd0b61033.mspx

---
HTH
-Dave
---
This posting is provided "As Is" with no warranties, and confers no rights.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Erik Funkenbusch" wrote:

On 22 Mar 2006 11:46:40 -0800, ne***********@gmail.com wrote:
Erik Funkenbusch wrote:
On 6 Mar 2006 02:06:31 -0800, Chris wrote:

I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.

It doesn't seem to be available unless your AD is 2003.

That's true, however you could always use ADAM and syncronize your Win2000
AD with ADAM

Mar 27 '06 #6

Erik Funkenbusch

On Mon, 27 Mar 2006 13:52:01 -0800, Dave McPherson [MSFT] wrote:

Actually, you can store AzMan in an XML file (in addition to ADAM and AD.)

Hmm.. I thought the AD integration dependancy on 2003 level was related to
using AD as your user source, not simply storing it in AD. Or am I wrong
on that?

Mar 27 '06 #7

Roles/Groups in ASP.NET 2.0

This discussion thread is closed

Similar topics