Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Defining Groups with AD users

Reply
Thread Tools

Defining Groups with AD users

 
 
GeoffreyD
Guest
Posts: n/a
 
      10-25-2007
Hi

I am working on an internal ap.net site and am wanting to assign permissions
to users using their AD account to authenticate against, but am not wanting
to setup the actual groups within AD. At the moment is it seems that my only
answers are ADAM and AzMan. does anyone have any suggestions as to what I
could use from a pure programmatic perspective?

Thanks


 
Reply With Quote
 
 
 
 
Alexey Smirnov
Guest
Posts: n/a
 
      10-25-2007
On Oct 25, 10:35 pm, "GeoffreyD" <(E-Mail Removed)> wrote:
> Hi
>
> I am working on an internal ap.net site and am wanting to assign permissions
> to users using their AD account to authenticate against, but am not wanting
> to setup the actual groups within AD. At the moment is it seems that my only
> answers are ADAM and AzMan. does anyone have any suggestions as to what I
> could use from a pure programmatic perspective?
>
> Thanks


for a page based permissions you can use the web.config file

<authorization>
<allow users="user1,user2"/>

 
Reply With Quote
 
 
 
 
GeoffreyD
Guest
Posts: n/a
 
      10-25-2007
Hey, thanks for the reply but I am doing something similar currently. I need
a more streamlined and generalised solution due to the number of users that
need to use the site. More importantly, users from different groups are
permitted to visit the same page (e.g. the data will be editable for some
but read-only to others) so I need to be able to check group permissions on
a task basis as a opposed to page access basis.

"Alexey Smirnov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> On Oct 25, 10:35 pm, "GeoffreyD" <(E-Mail Removed)> wrote:
>> Hi
>>
>> I am working on an internal ap.net site and am wanting to assign
>> permissions
>> to users using their AD account to authenticate against, but am not
>> wanting
>> to setup the actual groups within AD. At the moment is it seems that my
>> only
>> answers are ADAM and AzMan. does anyone have any suggestions as to what I
>> could use from a pure programmatic perspective?
>>
>> Thanks

>
> for a page based permissions you can use the web.config file
>
> <authorization>
> <allow users="user1,user2"/>
>



 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      10-26-2007
Hi GeoffreyD,

For ASP.NET authentication and role based authorization, you can adopt the
Membership and RoleManager providers. Also, these two providers are
separate so that you can configure each of them to use different provider
respectively. For example, you can configure the membership to use AD
membership provider and Rolemanager to use SQL server provider. Thus, you
can make your client user be authenticated against AD database and after
they have login, their role is retrieved from SQL Server database(via the
role manager provider).

Here is a good article demonstrate using windows authentication(not AD
membership provider since membership is mainly used for forms
authentication) and SQL role manager provider. Howerver, the idea is the
same:

#Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
Authentication and SQL Server
http://weblogs.asp.net/scottgu/pages...-Role_2D00_Bas
ed-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.asp
x

And there are some other good reference about ASP.NET 2.0 Membershp & Role
provider:

#How To: Use Membership in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998347.aspx

#ASP.NET 2.0 Security, Membership and Roles Tutorials
http://weblogs.asp.net/scottgu/archi...Security_2C00_
-Membership-and-Roles-Tutorials.aspx

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.










--------------------
>From: "GeoffreyD" <(E-Mail Removed)>
>References: <(E-Mail Removed)>

<(E-Mail Removed) .com>
>Subject: Re: Defining Groups with AD users
>Date: Thu, 25 Oct 2007 22:56:40 +0200


>Hey, thanks for the reply but I am doing something similar currently. I

need
>a more streamlined and generalised solution due to the number of users

that
>need to use the site. More importantly, users from different groups are
>permitted to visit the same page (e.g. the data will be editable for some
>but read-only to others) so I need to be able to check group permissions

on
>a task basis as a opposed to page access basis.
>
>"Alexey Smirnov" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed) roups.com...
>> On Oct 25, 10:35 pm, "GeoffreyD" <(E-Mail Removed)> wrote:
>>> Hi
>>>
>>> I am working on an internal ap.net site and am wanting to assign
>>> permissions
>>> to users using their AD account to authenticate against, but am not
>>> wanting
>>> to setup the actual groups within AD. At the moment is it seems that my
>>> only
>>> answers are ADAM and AzMan. does anyone have any suggestions as to what

I
>>> could use from a pure programmatic perspective?
>>>
>>> Thanks

>>
>> for a page based permissions you can use the web.config file
>>
>> <authorization>
>> <allow users="user1,user2"/>
>>

>
>
>


 
Reply With Quote
 
GeoffreyD
Guest
Posts: n/a
 
      10-29-2007
Great Thank you very much. I tried it and all is going well. Just one
thing, I notice that when I use the builtin ASP.NET administration site, I
cannot see the members ( due to using windows authentication) which is
understandable. Is there a way to "subscribe" to a particular domain such
that I could see a list of domain users within AD and add them to their
roles without having to make my own page to do this programmatically?

Regards
Geoff

"Steven Cheng[MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi GeoffreyD,
>
> For ASP.NET authentication and role based authorization, you can adopt the
> Membership and RoleManager providers. Also, these two providers are
> separate so that you can configure each of them to use different provider
> respectively. For example, you can configure the membership to use AD
> membership provider and Rolemanager to use SQL server provider. Thus, you
> can make your client user be authenticated against AD database and after
> they have login, their role is retrieved from SQL Server database(via the
> role manager provider).
>
> Here is a good article demonstrate using windows authentication(not AD
> membership provider since membership is mainly used for forms
> authentication) and SQL role manager provider. Howerver, the idea is the
> same:
>
> #Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
> Authentication and SQL Server
> http://weblogs.asp.net/scottgu/pages...-Role_2D00_Bas
> ed-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.asp
> x
>
> And there are some other good reference about ASP.NET 2.0 Membershp & Role
> provider:
>
> #How To: Use Membership in ASP.NET 2.0
> http://msdn2.microsoft.com/en-us/library/ms998347.aspx
>
> #ASP.NET 2.0 Security, Membership and Roles Tutorials
> http://weblogs.asp.net/scottgu/archi...Security_2C00_
> -Membership-and-Roles-Tutorials.aspx
>
> Hope this helps.
>
> Sincerely,
>
> Steven Cheng
>
> Microsoft MSDN Online Support Lead
>
>
>
> ==================================================
>
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscripti...ult.aspx#notif
> ications.
>
>
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/subscripti...t/default.aspx.
>
> ==================================================
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
>
>
>
>
>
>
>
> --------------------
>>From: "GeoffreyD" <(E-Mail Removed)>
>>References: <(E-Mail Removed)>

> <(E-Mail Removed) .com>
>>Subject: Re: Defining Groups with AD users
>>Date: Thu, 25 Oct 2007 22:56:40 +0200

>
>>Hey, thanks for the reply but I am doing something similar currently. I

> need
>>a more streamlined and generalised solution due to the number of users

> that
>>need to use the site. More importantly, users from different groups are
>>permitted to visit the same page (e.g. the data will be editable for some
>>but read-only to others) so I need to be able to check group permissions

> on
>>a task basis as a opposed to page access basis.
>>
>>"Alexey Smirnov" <(E-Mail Removed)> wrote in message
>>news:(E-Mail Removed) groups.com...
>>> On Oct 25, 10:35 pm, "GeoffreyD" <(E-Mail Removed)> wrote:
>>>> Hi
>>>>
>>>> I am working on an internal ap.net site and am wanting to assign
>>>> permissions
>>>> to users using their AD account to authenticate against, but am not
>>>> wanting
>>>> to setup the actual groups within AD. At the moment is it seems that my
>>>> only
>>>> answers are ADAM and AzMan. does anyone have any suggestions as to what

> I
>>>> could use from a pure programmatic perspective?
>>>>
>>>> Thanks
>>>
>>> for a page based permissions you can use the web.config file
>>>
>>> <authorization>
>>> <allow users="user1,user2"/>
>>>

>>
>>
>>

>



 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      10-30-2007
Thanks for your reply Geoff,

For the new question you mentioned. I'm afraid we seems have no luck here.
So far ASP.NET membership or role service doesn't provide built-in UI for
us to assocate custom roles and windows authenticated users. I think the
reasonable approach here would be create a simple page which use ADSI to
query all the users and use RoleManager API to assocate roles. Though it
will add some work, however, I'm sure it would still be convenient since
ASP.NET databinding(such as GridView) and the existing Role API has saved
us much time.

If there is anything else we can help, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "GeoffreyD" <(E-Mail Removed)>
>Subject: Re: Defining Groups with AD users
>Date: Mon, 29 Oct 2007 20:26:05 +0200


>Regards
>Geoff
>
>"Steven Cheng[MSFT]" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> Hi GeoffreyD,
>>
>> For ASP.NET authentication and role based authorization, you can adopt

the
>> Membership and RoleManager providers. Also, these two providers are
>> separate so that you can configure each of them to use different provider
>> respectively. For example, you can configure the membership to use AD
>> membership provider and Rolemanager to use SQL server provider. Thus,

you
>> can make your client user be authenticated against AD database and after
>> they have login, their role is retrieved from SQL Server database(via the
>> role manager provider).
>>
>> Here is a good article demonstrate using windows authentication(not AD
>> membership provider since membership is mainly used for forms
>> authentication) and SQL role manager provider. Howerver, the idea is the
>> same:
>>
>> #Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
>> Authentication and SQL Server
>>

http://weblogs.asp.net/scottgu/pages...-Role_2D00_Bas
>>

ed-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.asp
>> x
>>
>> And there are some other good reference about ASP.NET 2.0 Membershp &

Role
>> provider:
>>
>> #How To: Use Membership in ASP.NET 2.0
>> http://msdn2.microsoft.com/en-us/library/ms998347.aspx
>>
>> #ASP.NET 2.0 Security, Membership and Roles Tutorials
>>

http://weblogs.asp.net/scottgu/archi...Security_2C00_
>> -Membership-and-Roles-Tutorials.aspx
>>
>> Hope this helps.
>>
>> Sincerely,
>>
>> Steven Cheng
>>
>> Microsoft MSDN Online Support Lead
>>
>>
>>
>> ==================================================
>>
>> Get notification to my posts through email? Please refer to
>>

http://msdn.microsoft.com/subscripti...ult.aspx#notif
>> ications.
>>
>>
>>
>> Note: The MSDN Managed Newsgroup support offering is for non-urgent

issues
>> where an initial response from the community or a Microsoft Support
>> Engineer within 1 business day is acceptable. Please note that each

follow
>> up response may take approximately 2 business days as the support
>> professional working with you may need further investigation to reach the
>> most efficient resolution. The offering is not appropriate for situations
>> that require urgent, real-time or phone-based interactions or complex
>> project analysis and dump analysis issues. Issues of this nature are best
>> handled working with a dedicated Microsoft Support Engineer by contacting
>> Microsoft Customer Support Services (CSS) at
>> http://msdn.microsoft.com/subscripti...t/default.aspx.
>>
>> ==================================================
>>
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --------------------
>>>From: "GeoffreyD" <(E-Mail Removed)>
>>>References: <(E-Mail Removed)>

>> <(E-Mail Removed) .com>
>>>Subject: Re: Defining Groups with AD users
>>>Date: Thu, 25 Oct 2007 22:56:40 +0200

>>
>>>Hey, thanks for the reply but I am doing something similar currently. I

>> need
>>>a more streamlined and generalised solution due to the number of users

>> that
>>>need to use the site. More importantly, users from different groups are
>>>permitted to visit the same page (e.g. the data will be editable for some
>>>but read-only to others) so I need to be able to check group permissions

>> on
>>>a task basis as a opposed to page access basis.
>>>
>>>"Alexey Smirnov" <(E-Mail Removed)> wrote in message
>>>news:(E-Mail Removed) egroups.com...
>>>> On Oct 25, 10:35 pm, "GeoffreyD" <(E-Mail Removed)> wrote:
>>>>> Hi
>>>>>
>>>>> I am working on an internal ap.net site and am wanting to assign
>>>>> permissions
>>>>> to users using their AD account to authenticate against, but am not
>>>>> wanting
>>>>> to setup the actual groups within AD. At the moment is it seems that

my
>>>>> only
>>>>> answers are ADAM and AzMan. does anyone have any suggestions as to

what
>> I
>>>>> could use from a pure programmatic perspective?
>>>>>
>>>>> Thanks
>>>>
>>>> for a page based permissions you can use the web.config file
>>>>
>>>> <authorization>
>>>> <allow users="user1,user2"/>
>>>>
>>>
>>>
>>>

>>

>
>
>


 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      10-30-2007
Thanks for your reply Geoff,

For the new question you mentioned. I'm afraid we seems have no luck here.
So far ASP.NET membership or role service doesn't provide built-in UI for
us to assocate custom roles and windows authenticated users. I think the
reasonable approach here would be create a simple page which use ADSI to
query all the users and use RoleManager API to assocate roles. Though it
will add some work, however, I'm sure it would still be convenient since
ASP.NET databinding(such as GridView) and the existing Role API has saved
us much time.

If there is anything else we can help, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "GeoffreyD" <(E-Mail Removed)>
>Subject: Re: Defining Groups with AD users
>Date: Mon, 29 Oct 2007 20:26:05 +0200


>Regards
>Geoff
>
>"Steven Cheng[MSFT]" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> Hi GeoffreyD,
>>
>> For ASP.NET authentication and role based authorization, you can adopt

the
>> Membership and RoleManager providers. Also, these two providers are
>> separate so that you can configure each of them to use different provider
>> respectively. For example, you can configure the membership to use AD
>> membership provider and Rolemanager to use SQL server provider. Thus,

you
>> can make your client user be authenticated against AD database and after
>> they have login, their role is retrieved from SQL Server database(via the
>> role manager provider).
>>
>> Here is a good article demonstrate using windows authentication(not AD
>> membership provider since membership is mainly used for forms
>> authentication) and SQL role manager provider. Howerver, the idea is the
>> same:
>>
>> #Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows
>> Authentication and SQL Server
>>

http://weblogs.asp.net/scottgu/pages...-Role_2D00_Bas
>>

ed-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.asp
>> x
>>
>> And there are some other good reference about ASP.NET 2.0 Membershp &

Role
>> provider:
>>
>> #How To: Use Membership in ASP.NET 2.0
>> http://msdn2.microsoft.com/en-us/library/ms998347.aspx
>>
>> #ASP.NET 2.0 Security, Membership and Roles Tutorials
>>

http://weblogs.asp.net/scottgu/archi...Security_2C00_
>> -Membership-and-Roles-Tutorials.aspx
>>
>> Hope this helps.
>>
>> Sincerely,
>>
>> Steven Cheng
>>
>> Microsoft MSDN Online Support Lead
>>
>>
>>
>> ==================================================
>>
>> Get notification to my posts through email? Please refer to
>>

http://msdn.microsoft.com/subscripti...ult.aspx#notif
>> ications.
>>
>>
>>
>> Note: The MSDN Managed Newsgroup support offering is for non-urgent

issues
>> where an initial response from the community or a Microsoft Support
>> Engineer within 1 business day is acceptable. Please note that each

follow
>> up response may take approximately 2 business days as the support
>> professional working with you may need further investigation to reach the
>> most efficient resolution. The offering is not appropriate for situations
>> that require urgent, real-time or phone-based interactions or complex
>> project analysis and dump analysis issues. Issues of this nature are best
>> handled working with a dedicated Microsoft Support Engineer by contacting
>> Microsoft Customer Support Services (CSS) at
>> http://msdn.microsoft.com/subscripti...t/default.aspx.
>>
>> ==================================================
>>
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --------------------
>>>From: "GeoffreyD" <(E-Mail Removed)>
>>>References: <(E-Mail Removed)>

>> <(E-Mail Removed) .com>
>>>Subject: Re: Defining Groups with AD users
>>>Date: Thu, 25 Oct 2007 22:56:40 +0200

>>
>>>Hey, thanks for the reply but I am doing something similar currently. I

>> need
>>>a more streamlined and generalised solution due to the number of users

>> that
>>>need to use the site. More importantly, users from different groups are
>>>permitted to visit the same page (e.g. the data will be editable for some
>>>but read-only to others) so I need to be able to check group permissions

>> on
>>>a task basis as a opposed to page access basis.
>>>
>>>"Alexey Smirnov" <(E-Mail Removed)> wrote in message
>>>news:(E-Mail Removed) egroups.com...
>>>> On Oct 25, 10:35 pm, "GeoffreyD" <(E-Mail Removed)> wrote:
>>>>> Hi
>>>>>
>>>>> I am working on an internal ap.net site and am wanting to assign
>>>>> permissions
>>>>> to users using their AD account to authenticate against, but am not
>>>>> wanting
>>>>> to setup the actual groups within AD. At the moment is it seems that

my
>>>>> only
>>>>> answers are ADAM and AzMan. does anyone have any suggestions as to

what
>> I
>>>>> could use from a pure programmatic perspective?
>>>>>
>>>>> Thanks
>>>>
>>>> for a page based permissions you can use the web.config file
>>>>
>>>> <authorization>
>>>> <allow users="user1,user2"/>
>>>>
>>>
>>>
>>>

>>

>
>
>


 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      11-01-2007
Hi Geoff,

Any further questions on this? If so, please don't hesitate to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: http://www.velocityreviews.com/forums/(E-Mail Removed) (Steven Cheng[MSFT])
>Organization: Microsoft
>Date: Tue, 30 Oct 2007 03:21:00 GMT
>Subject: Re: Defining Groups with AD users
>
>Thanks for your reply Geoff,
>
>For the new question you mentioned. I'm afraid we seems have no luck here.
>So far ASP.NET membership or role service doesn't provide built-in UI for
>us to assocate custom roles and windows authenticated users. I think the
>reasonable approach here would be create a simple page which use ADSI to
>query all the users and use RoleManager API to assocate roles. Though it
>will add some work, however, I'm sure it would still be convenient since
>ASP.NET databinding(such as GridView) and the existing Role API has saved
>us much time.
>
>If there is anything else we can help, welcome to post here.
>
>Sincerely,
>
>Steven Cheng
>
>Microsoft MSDN Online Support Lead
>
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>--


 
Reply With Quote
 
GeoffreyD
Guest
Posts: n/a
 
      11-01-2007
Thanks, but this issue is now resolved

"Steven Cheng[MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Geoff,
>
> Any further questions on this? If so, please don't hesitate to post here.
>
> Sincerely,
>
> Steven Cheng
>
> Microsoft MSDN Online Support Lead
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> --------------------
>>From: (E-Mail Removed) (Steven Cheng[MSFT])
>>Organization: Microsoft
>>Date: Tue, 30 Oct 2007 03:21:00 GMT
>>Subject: Re: Defining Groups with AD users
>>
>>Thanks for your reply Geoff,
>>
>>For the new question you mentioned. I'm afraid we seems have no luck here.
>>So far ASP.NET membership or role service doesn't provide built-in UI for
>>us to assocate custom roles and windows authenticated users. I think the
>>reasonable approach here would be create a simple page which use ADSI to
>>query all the users and use RoleManager API to assocate roles. Though it
>>will add some work, however, I'm sure it would still be convenient since
>>ASP.NET databinding(such as GridView) and the existing Role API has saved
>>us much time.
>>
>>If there is anything else we can help, welcome to post here.
>>
>>Sincerely,
>>
>>Steven Cheng
>>
>>Microsoft MSDN Online Support Lead
>>
>>
>>This posting is provided "AS IS" with no warranties, and confers no
>>rights.
>>
>>--

>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Defining Roles, Groups? AMP ASP .Net Security 5 08-31-2007 07:22 AM
Groups of groups with PIX. AM Cisco 2 01-31-2006 04:37 PM
Windows groups, VPN groups, and SecureACS John Sasso Cisco 0 10-02-2004 03:39 PM
defining or not defining destructors johny smith C++ 8 07-02-2004 08:51 AM
defining groups of IPs in access-lists.... Captain Cisco 4 05-10-2004 05:43 PM



Advertisments