«

I need to build in some role authentication for a web app... so, going to
use the web.config to build my rules for the location files.

my question is.. does anyone know?

on my development box (out of work), i'm out XP Pro... and i've created
some groups and users to test it...

in the real deal, it's going to be Win 2003 Server using Active
Directory..... Obviously, i dont have AD on XP Pro..... Is it the same
thing? Will it work the same?

Will web.config be able to recognize the groups that a user belongs to to
correctly authorize viewing a page based on role authentication?


So, will IsInRole() check against groups created in Active Directory on
Win2003 Server?

Yes. It depends on how users are being authenticated by IIS and how you
have ASP.NET configured, but if your web server is a member of a domain that
can authenticate users in your target domain and you have ASP.NET configured
for Windows authentication, IsInRole will answer true/false for the user's
domain groups.

Joe K.

"Craig Vedur" <> wrote in message
news:A0DE7A20-1473-4EF8-A550-...
>I need to build in some role authentication for a web app... so, going
>to
> use the web.config to build my rules for the location files.
>
> my question is.. does anyone know?
>
> on my development box (out of work), i'm out XP Pro... and i've created
> some groups and users to test it...
>
> in the real deal, it's going to be Win 2003 Server using Active
> Directory..... Obviously, i dont have AD on XP Pro..... Is it the
> same
> thing? Will it work the same?
>
> Will web.config be able to recognize the groups that a user belongs to to
> correctly authorize viewing a page based on role authentication?
>
>
> So, will IsInRole() check against groups created in Active Directory on
> Win2003 Server?

Thats true as Joe adviced.
You can check my blog here for more info(There should be a blog relating to
Role Bases Auth).
http://spaces.msn.com/members/naijacoder/
Patrick


"Joe Kaplan (MVP - ADSI)" <> wrote
in message news:%...
> Yes. It depends on how users are being authenticated by IIS and how you
> have ASP.NET configured, but if your web server is a member of a domain
that
> can authenticate users in your target domain and you have ASP.NET
configured
> for Windows authentication, IsInRole will answer true/false for the user's
> domain groups.
>
> Joe K.
>
> "Craig Vedur" <> wrote in message
> news:A0DE7A20-1473-4EF8-A550-...
> >I need to build in some role authentication for a web app... so, going
> >to
> > use the web.config to build my rules for the location files.
> >
> > my question is.. does anyone know?
> >
> > on my development box (out of work), i'm out XP Pro... and i've
created
> > some groups and users to test it...
> >
> > in the real deal, it's going to be Win 2003 Server using Active
> > Directory..... Obviously, i dont have AD on XP Pro..... Is it the
> > same
> > thing? Will it work the same?
> >
> > Will web.config be able to recognize the groups that a user belongs to
to
> > correctly authorize viewing a page based on role authentication?
> >
> >
> > So, will IsInRole() check against groups created in Active Directory on
> > Win2003 Server?
>
>

Thanks Joe, this worked. I have another question.

Initially, i had a login page on my app and used
System.DirectoryServices.dll to query AD to authenticate a user / pass.

However, it appears that .NET handles this all for me if i disable anonymous
access and use the integerated windows auth. Is this true?

My app poped up a login screen for user / pass / domain.



"Joe Kaplan (MVP - ADSI)" wrote:

> Yes. It depends on how users are being authenticated by IIS and how you
> have ASP.NET configured, but if your web server is a member of a domain that
> can authenticate users in your target domain and you have ASP.NET configured
> for Windows authentication, IsInRole will answer true/false for the user's
> domain groups.
>
> Joe K.
>
> "Craig Vedur" <> wrote in message
> news:A0DE7A20-1473-4EF8-A550-...
> >I need to build in some role authentication for a web app... so, going
> >to
> > use the web.config to build my rules for the location files.
> >
> > my question is.. does anyone know?
> >
> > on my development box (out of work), i'm out XP Pro... and i've created
> > some groups and users to test it...
> >
> > in the real deal, it's going to be Win 2003 Server using Active
> > Directory..... Obviously, i dont have AD on XP Pro..... Is it the
> > same
> > thing? Will it work the same?
> >
> > Will web.config be able to recognize the groups that a user belongs to to
> > correctly authorize viewing a page based on role authentication?
> >
> >
> > So, will IsInRole() check against groups created in Active Directory on
> > Win2003 Server?
>
>
>

Yes, definitely use the built in stuff if you can.

Generally, people do forms auth against AD if there is a technical or policy
problem with making the web server a domain member or someone really wants
forms auth and wants to torture their devs. The Ldap-based
MembershipProvider thing in .NET 2.0 should simplify this more though.

Joe K.

"Craig Vedur" <> wrote in message
news:7B224F7E-EFE1-44D8-A1AE-...
> Thanks Joe, this worked. I have another question.
>
> Initially, i had a login page on my app and used
> System.DirectoryServices.dll to query AD to authenticate a user / pass.
>
> However, it appears that .NET handles this all for me if i disable
> anonymous
> access and use the integerated windows auth. Is this true?
>
> My app poped up a login screen for user / pass / domain.
>
>
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> Yes. It depends on how users are being authenticated by IIS and how you
>> have ASP.NET configured, but if your web server is a member of a domain
>> that
>> can authenticate users in your target domain and you have ASP.NET
>> configured
>> for Windows authentication, IsInRole will answer true/false for the
>> user's
>> domain groups.
>>
>> Joe K.
>>
>> "Craig Vedur" <> wrote in message
>> news:A0DE7A20-1473-4EF8-A550-...
>> >I need to build in some role authentication for a web app... so,
>> >going
>> >to
>> > use the web.config to build my rules for the location files.
>> >
>> > my question is.. does anyone know?
>> >
>> > on my development box (out of work), i'm out XP Pro... and i've
>> > created
>> > some groups and users to test it...
>> >
>> > in the real deal, it's going to be Win 2003 Server using Active
>> > Directory..... Obviously, i dont have AD on XP Pro..... Is it the
>> > same
>> > thing? Will it work the same?
>> >
>> > Will web.config be able to recognize the groups that a user belongs to
>> > to
>> > correctly authorize viewing a page based on role authentication?
>> >
>> >
>> > So, will IsInRole() check against groups created in Active Directory on
>> > Win2003 Server?
>>
>>
>>

Thats true actually i just came across this article here at:-
http://blogs.msdn.com/gduthie/archiv...17/452905.aspx
using MembershipProvider thing in .NET 2.0 .
Patrick



"Joe Kaplan (MVP - ADSI)" <> wrote
in message news:...
> Yes, definitely use the built in stuff if you can.
>
> Generally, people do forms auth against AD if there is a technical or
policy
> problem with making the web server a domain member or someone really wants
> forms auth and wants to torture their devs. The Ldap-based
> MembershipProvider thing in .NET 2.0 should simplify this more though.
>
> Joe K.
>
> "Craig Vedur" <> wrote in message
> news:7B224F7E-EFE1-44D8-A1AE-...
> > Thanks Joe, this worked. I have another question.
> >
> > Initially, i had a login page on my app and used
> > System.DirectoryServices.dll to query AD to authenticate a user / pass.
> >
> > However, it appears that .NET handles this all for me if i disable
> > anonymous
> > access and use the integerated windows auth. Is this true?
> >
> > My app poped up a login screen for user / pass / domain.
> >
> >
> >
> > "Joe Kaplan (MVP - ADSI)" wrote:
> >
> >> Yes. It depends on how users are being authenticated by IIS and how
you
> >> have ASP.NET configured, but if your web server is a member of a domain
> >> that
> >> can authenticate users in your target domain and you have ASP.NET
> >> configured
> >> for Windows authentication, IsInRole will answer true/false for the
> >> user's
> >> domain groups.
> >>
> >> Joe K.
> >>
> >> "Craig Vedur" <> wrote in message
> >> news:A0DE7A20-1473-4EF8-A550-...
> >> >I need to build in some role authentication for a web app... so,
> >> >going
> >> >to
> >> > use the web.config to build my rules for the location files.
> >> >
> >> > my question is.. does anyone know?
> >> >
> >> > on my development box (out of work), i'm out XP Pro... and i've
> >> > created
> >> > some groups and users to test it...
> >> >
> >> > in the real deal, it's going to be Win 2003 Server using Active
> >> > Directory..... Obviously, i dont have AD on XP Pro..... Is it
the
> >> > same
> >> > thing? Will it work the same?
> >> >
> >> > Will web.config be able to recognize the groups that a user belongs
to
> >> > to
> >> > correctly authorize viewing a page based on role authentication?
> >> >
> >> >
> >> > So, will IsInRole() check against groups created in Active Directory
on
> >> > Win2003 Server?
> >>
> >>
> >>
>
>