开发者

Authentication with ActiveDirectory and authorization with custom role provider

I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Finally, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users. Please see my tables diagram below:

alt text http://img265.imageshack.us/img265/5986/20100221200058.jpg

Let's say I assign UserA to RoleOne. After he logs 开发者_如何学Cin successfully, I do some query to look for his Roles.

Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authorization ticket like ASP.NET role prover does too.


Have you considered using Active Directory groups for roles and the WindowsTokenRoleProvider (or a custom role provider accessing AD)? I find that this works very well for a situation where you're using AD for authentication as well. One tip: use cookies to store the user's roles so you don't have to find them on every request.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜