RE: ActiveDirectory and user page Access




Hongye,

Thanks for getting back to me. Here are your answers

1. What authentication method are you using? Forms or Windows?
Right now I have set it to forms authentication because I am letting users
log on using a login control.

2. Where do the users and roles come from? AD or user defined?
User and role info is coming from Active Directory.

3. What operations do you want to control by role?
I would like to restrict user access to pages based on their defined roles in
Active Directory. If the SqlRoleProvider can be used with the AD membership
provider, how do I configure it in my web.config file? Some code will help,
and any instructions.



"Hongye Sun [MSFT]" wrote:

Hi Alex,

Thanks for your replies.

ASP.net has three role management providers:
1. SqlRoleProvider
2. WindowsTokenRoleProvider
3. AuthorizationStoreRoleProvider

Your questions have covered two of them: WindowsTokenRoleProvider and
AuthorizationStoreRoleProvider. Here are their detailed explanations:
WindowsTokenRoleProvider:
This is a read-only provider that retrieves role information for a Windows
user account based on the account's Windows security group membership. You
cannot create, add to, or delete roles with this provider.
http://msdn.microsoft.com/en-us/library/system.web.security.windowstokenroleprovider.aspx

AuthorizationStoreRoleProvider: (The one you mentioned in your link)
This is used if your application uses Authorization Manager (AzMan). It
uses an AzMan policy store in an XML file, in Active Directory, or in
Active Directory Application Mode (ADAM) as its role store. It is typically
used in an intranet or extranet scenario where Windows authentication and
Active Directory are used for authentication.
http://msdn.microsoft.com/en-us/library/system.web.security.authorizationstoreroleprovider.aspx

In my opinion, WindowsTokenRoleProvider has a big limitation: it is
read-only and you cannot add or modify roles. It actually uses AD user
groups as roles.
AuthorizationStoreRoleProvider requires installing additional components,
and its benefit is that it groups operations into tasks and assigns tasks
to different roles.

SqlRoleProvider is the most commonly used role provider, and it can work
together with both the SQL and AD membership providers.

To choose the one that best meets your business requirements, can you tell
us your business scenario so that we can provide suggestions on that?

Another one is the Web site admin tool. This tool uses the membership
provider and role manager provider in the web.config file. That is to say,
there is no restriction that you must use the SQL membership provider. You
can also use the AD membership provider; however, like
WindowsTokenRoleProvider, it is read-only and you cannot add or modify
users. You can only add or modify AD users from outside.

In order to figure out your requirement, can you answer the following three
questions for us?
1. What authentication method are you using? Forms or Windows?
2. Where do the users and roles come from? AD or user defined?
3. What operations do you want to control by role?

If anything is unclear, please let us know. Have a nice day.

Regards,
Hongye Sun (hongyes@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no rights.
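
An added configuration example, not part of either post above: one way to combine forms authentication, the AD membership provider and SqlRoleProvider in web.config and restrict a folder by role. The LDAP path, connection-string names, the `Admin` folder, the `SiteAdmins` role and the assembly version are assumptions; SqlRoleProvider keeps its own role store, so AD user names must be assigned to roles there and AD group membership is not read.

```xml
<configuration>
  <connectionStrings>
    <!-- Hypothetical values: point these at your own domain and roles database -->
    <add name="ADConn" connectionString="LDAP://dc01.example.local/DC=example,DC=local" />
    <add name="RolesDb" connectionString="Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- The login control posts credentials; keep the ticket cookie on HTTPS only -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true" protection="All" timeout="20" />
    </authentication>
    <!-- Credentials are validated against Active Directory -->
    <membership defaultProvider="AdMembership">
      <providers>
        <clear />
        <!-- Version assumes ASP.NET 2.0; adjust to the framework in use -->
        <add name="AdMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConn"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
    <!-- Roles live in the SQL role store, keyed by the AD user name -->
    <roleManager enabled="true" defaultProvider="SqlRoles" cacheRolesInCookie="false">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="RolesDb" applicationName="/" />
      </providers>
    </roleManager>
    <!-- Site default: anonymous users are redirected to the login page -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- Pages under ~/Admin: only the SiteAdmins role, everyone else denied -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="SiteAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The roles database schema is created with aspnet_regsql.exe, and users are placed in roles with `Roles.AddUserToRole` using the same user name the AD provider maps. Order matters inside `<authorization>`: rules are evaluated top to bottom, so the `allow` must come before the catch-all `deny`.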




