Hi,
I currently have my application setup and built using Windows
Authentication (WindowsPrincipal). For security checks, I simply do
an IsInRole call on the Principal. The role permissions are hard-
coded, something like this:
private static string[] allowedReadRoles = new string[] { "Sales",
"Ordering" };
I now need to brand my application, and while the roles will remain
the same, the problem is that IsInRole is functioning via group
membership. The branding will be for other companies, which are owned
by the same owners, and use the same office buildings, network /
domain and computers are the main company (the other companies have
less than 10 people).
So, adding the users for Company B to existing groups isn't really an
option... they'd have access to the application for Company A. In the
database that would work, since I add logons for new groups and map
them to existing database roles. For my code though, I don't see a
way to do this. I could provide a similar mapping, but that would
require me to update multiple databases to do the mappings each time I
add a new role to the application.
Any other ideas? Has anyone used Authentication Manager, which allows
you to define real roles, not AD Groups? Is there anything that puts
actual roles in WindowsPrincipal.IsInRole, not just windows groups?
It seems an odd thing; AD groups aren't roles, yet WindowsPrincipal
treats them as such.
Thanks
Andy