469,086 Members | 1,117 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,086 developers. It's quick & easy.

Roles/Groups in ASP.NET 2.0

I'm looking to protect some pages using the Membership provider (ADS)
built into .NET 2.0. In order to protect these pages, whose details are
stored inside a SQL Server table with columns id,name,url,parentid etc.
I need to link them into some roles, or groups.

So only certain groups from our Active Directory can access certain
pages. The problem I'm facing is that ASP.NET 2.0 seems to restrict you
to using its Role provider model only.

This provider is great if you don't already have the groups of users
setup (or users inside certain roles). But I don't want the groups (or
Roles) stored in two places, I want to be able to assign page access to
certain groups from our Active Directory.

This is what I'm reading:
http://msdn2.microsoft.com/en-us/library/5k850zwb.aspx

Will I have to write my own implementation of RoleProvider for this?
Also, is there a provider that already exists for tying together page
access to roles/groups?

Most importantly, I want to be able to specify certain users as having
edit rights, whilst others only have view rights to different pages. I
was hoping to achieve this without writing my own system but
implementing a built-in provider in .NET 2

Mar 6 '06 #1
6 1325
I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

Mar 6 '06 #2
On 6 Mar 2006 02:06:31 -0800, Chris wrote:
I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role


It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.
Mar 10 '06 #3

Erik Funkenbusch wrote:
On 6 Mar 2006 02:06:31 -0800, Chris wrote:
I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role


It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.


It doesn't seem to be available unless your AD is 2003.

Mar 22 '06 #4
On 22 Mar 2006 11:46:40 -0800, ne***********@gmail.com wrote:
Erik Funkenbusch wrote:
On 6 Mar 2006 02:06:31 -0800, Chris wrote:
I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role


It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.


It doesn't seem to be available unless your AD is 2003.


That's true, however you could always use ADAM and syncronize your Win2000
AD with ADAM
Mar 22 '06 #5
Actually, you can store AzMan in an XML file (in addition to ADAM and AD.)

Check out:
http://technet2.microsoft.com/Window...cd0b61033.mspx

---
HTH
-Dave
---
This posting is provided "As Is" with no warranties, and confers no rights.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Erik Funkenbusch" wrote:
On 22 Mar 2006 11:46:40 -0800, ne***********@gmail.com wrote:
Erik Funkenbusch wrote:
On 6 Mar 2006 02:06:31 -0800, Chris wrote:

I forgot to mention that I've looked at WindowsTokenRoleProvider. This
works great for looking up if a user is part of a group. However I was
looking for managing roles for the groups. e.g. Edit role, View role,
Delete role

It sounds like you want AzMan, or authorization manager. ASP.NET includes
an AzMan role provider, and then you would use the activedirectory
membership provider.

AzMan allows you to specify complex operations, tasks, and groups. This
way, you can say Members with the "can edit foozles" operation can enable
that button (though this requires a little bit of work to make work right).

AzMan comes with Windows 2003, and you can install it in XP or Windows 2000
by downloading it.


It doesn't seem to be available unless your AD is 2003.


That's true, however you could always use ADAM and syncronize your Win2000
AD with ADAM

Mar 27 '06 #6
On Mon, 27 Mar 2006 13:52:01 -0800, Dave McPherson [MSFT] wrote:
Actually, you can store AzMan in an XML file (in addition to ADAM and AD.)


Hmm.. I thought the AD integration dependancy on 2003 level was related to
using AD as your user source, not simply storing it in AD. Or am I wrong
on that?
Mar 27 '06 #7

This discussion thread is closed

Replies have been disabled for this discussion.

By using this site, you agree to our Privacy Policy and Terms of Use.