Role based authentication using LDAP in ASP.Net

I need to implement Role/Group based authentication in my ASP.Net web application using Active Directory Domain Services and LDAP. i want to use user’s windows logon identity credentials for authentication. I have no clue where to start. If anybody have implemented th开发者_如何学Pythone similar requirement, please reply with some pointers.

Also, please let me know, how i can test this in my organisation network and What should be the LDAP server credentials? Can i add our custom groups? Please reply asap.

I'm just looking into this myself. In the past I've implemented Azman (authorization manager) on windows 2003 (it comes with windows 2003). This seems to work well; my app's been in production for 3 years with a fairly complex config and has held together ok.

Azman has been developed further with windows 2008, but I haven't implemented on this platform yet.

The thing that I liked about Azman was that it abstracts the authorization management away from the app code itself and can give very granular permissions. That said I'm still looking around for alternatives; the biz rule functionality always felt abit flaky for some reason and at least for my app became very important (biz rules let you set context around rights... so for example bob can edit some textbox, but only for specific records). Anyhow here's a few links that might help:

http://support.microsoft.com/kb/324470

http://msdn.microsoft.com/en-us/magazine/cc300469.aspx

I'm not sure if these articles answer all your questions.. or maybe you've found another solution? If after reading you have more questions just yell :)