
Active Directory - Groups and Permissions

I'm creating an intranet site that uses Forms authentication to
validate users against an Active Directory. Users need to be able to
log in both from work and remotely. Then I want to be able to do two
things: (1) Check whether a user is in an AD group and (2) enforce NTFS
permissions based on AD username.

First scenario: "Joe" logs in to the web site from home using his
domain username and password. Joe should see certain content on the web
site based on his AD group membership. Let's say he's in Marketing, so
I'd like to be able to check whether User.IsInRole("Marketing"). Right
now when I try that, I get a message saying: "Method is only supported
if the user name parameter matches the user name in the current Windows
Identity." Is this because I've set the app to use the
AspNetWindowsTokenRoleProvider? Does that only work if he is physically
logged into a computer on the AD domain? Is there a way to emulate the
Windows Identity? Or should I be using a different role provider?

Second scenario: Joe has certain permissions to network resources that
need to be enforced. For example, a web folder (WebDAV) with financial
data allows members in group "Marketing" read access only. It is
enforced when he physically logs into the AD domain at work, but it
should also be enforced when he logs in from the road. Right now I'm
using <identity impersonate="true"/> - hoping it will use his username
"Joe" rather than the ASP.NET worker process to access that folder. Is
that the right way to approach the problem?

Currently I'm developing the site on a Windows XP machine using VS2005
and the built-in ASP web server. The production web server will be
Windows 2003, and the AD domain itself is Windows 2000. Any help is
much appreciated. Here are the relevant snippets from my web.config:

<add name="ADConnectionString"

<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider" />

<identity impersonate="true"/>

<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="10" />
</authentication>

<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

<membership defaultProvider="MyADMembershipProvider">
<providers>
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionUsername="domain\user" connectionPassword="password"
attributeMapUsername="sAMAccountName" enableSearchMethods="true" />
</providers>
</membership>

Anyone have any tips on this? Even any general resources about how to
harness Active Directory on an ASP.NET 2.0 intranet?

Juan T. Llibre

Juan T. Llibre, MVP : faq :
foros de, en español :
"Scott" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
> Anyone have any tips on this? Even any general resources about how to
> harness Active Directory on an ASP.NET 2.0 intranet?
