Integrating ASP.NET MVC 2 and active directory as well as Windows Authentication

I am currently writing an MVC2 application using both windows authentication and active directory. I am still relatively new to MVC2, so I am a little confused about exactly where to implement any authorization code In addition to Authentication. I开发者_开发问答 know that you edit the web.config file in the MVC2 application to enable windows authentication for instance. Is that all there is too it?

In terms of checking for a users roles once that user is authenticated through Windows Authentication, would that be implemented in the controllers? Should that be implemented outside the MVC application like in a library or something?

Any help with this would be appreciated.

Be careful not to mix authentication and authorization.

Authentication is making sure who the user is. Using windows authentication is pretty simple : enable it in IIS and in web.config, that's all. When a user goes to your site, if it's on a domain, he will be automatically authenticated, if browser security settings allows it (by default on Internet Explorer if the site is intranet zone). Otherwise he will be asked his user/password.

Authorization is making sure what the user can do. This is enabled via custom logic.

See :

• Customizing authorization in ASP.NET MVC
• ASP.NET MVC Authorization
• http://www.google.fr/search?q=asp.net%20mvc%20authorization