«

My sceanrio is this on an asp.net 2.0 freamework.
I want to use any of the data controls e.g Gridview,DetailView etc..
But i want some buttons e.g update,edit save etc to be enable or disabled
based on if they belong to some security groups in active
directory.
I'm looking for the best options for this because i want to store those
security groups somewhere and then check for the
user against those security groups for their authorisation when they lunch
the application.
Preferably i would like to store them in an xml file and then write an API
to change, modify or add active directory security groups.
Any ideas would be appreciated.
Thanks

Depending on the authentication model your app uses, ASP.NET may already
know the user's security group membership. If you are using Windows
authentication, you can just check User.IsInRole and do things like change
the visibility of a control based on the result of that.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"rote" <> wrote in message
news:...
> My sceanrio is this on an asp.net 2.0 freamework.
> I want to use any of the data controls e.g Gridview,DetailView etc..
> But i want some buttons e.g update,edit save etc to be enable or disabled
> based on if they belong to some security groups in active
> directory.
> I'm looking for the best options for this because i want to store those
> security groups somewhere and then check for the
> user against those security groups for their authorisation when they lunch
> the application.
> Preferably i would like to store them in an xml file and then write an API
> to change, modify or add active directory security groups.
> Any ideas would be appreciated.
> Thanks
>
>
>

Thanks Joe for the prompt reply. It seems you are still with Accenture.
I'll be using Windows Auth and thats true i can use User.IsInRole method.
But what 'm consideriing is how i'm going to store the AD sceurity GROUPS i
want to validate the users against.
I would like to have
<?xml version="1.0" encoding="ISO-8859-1"?>
<ActiveDirectory>
<groups>Tove</groups>
</note></ActiveDirectory>
then using the IsinRole method i would like to loop through the groups
node to check for security groups ..Is this achievable?
Thanks in advance


"Joe Kaplan" <> wrote in message
news:...
> Depending on the authentication model your app uses, ASP.NET may already
> know the user's security group membership. If you are using Windows
> authentication, you can just check User.IsInRole and do things like change
> the visibility of a control based on the result of that.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
> Programming"
> http://www.directoryprogramming.net
> --
> "rote" <> wrote in message
> news:...
>> My sceanrio is this on an asp.net 2.0 freamework.
>> I want to use any of the data controls e.g Gridview,DetailView etc..
>> But i want some buttons e.g update,edit save etc to be enable or disabled
>> based on if they belong to some security groups in active
>> directory.
>> I'm looking for the best options for this because i want to store those
>> security groups somewhere and then check for the
>> user against those security groups for their authorisation when they
>> lunch the application.
>> Preferably i would like to store them in an xml file and then write an
>> API to change, modify or add active directory security groups.
>> Any ideas would be appreciated.
>> Thanks
>>
>>
>>
>
>

Sure, you could definitely do that. I would probably provide some sort of
wrapper around the groups and the authorization function in general so that
you can easily change this at runtime. Microsoft has a nice, very powerful
framework for this type of thing call AzMan that you can use, or you could
implement something more simple yourself.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"rote" <> wrote in message
news:e0Fr$...
> Thanks Joe for the prompt reply. It seems you are still with Accenture.
> I'll be using Windows Auth and thats true i can use User.IsInRole method.
> But what 'm consideriing is how i'm going to store the AD sceurity GROUPS
> i
> want to validate the users against.
> I would like to have
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <ActiveDirectory>
> <groups>Tove</groups>
> </note></ActiveDirectory>
> then using the IsinRole method i would like to loop through the groups
> node to check for security groups ..Is this achievable?
> Thanks in advance
>
>
> "Joe Kaplan" <> wrote in message
> news:...
>> Depending on the authentication model your app uses, ASP.NET may already
>> know the user's security group membership. If you are using Windows
>> authentication, you can just check User.IsInRole and do things like
>> change the visibility of a control based on the result of that.
>>
>> Joe K.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services
>> Programming"
>> http://www.directoryprogramming.net
>> --
>> "rote" <> wrote in message
>> news:...
>>> My sceanrio is this on an asp.net 2.0 freamework.
>>> I want to use any of the data controls e.g Gridview,DetailView etc..
>>> But i want some buttons e.g update,edit save etc to be enable or
>>> disabled based on if they belong to some security groups in active
>>> directory.
>>> I'm looking for the best options for this because i want to store those
>>> security groups somewhere and then check for the
>>> user against those security groups for their authorisation when they
>>> lunch the application.
>>> Preferably i would like to store them in an xml file and then write an
>>> API to change, modify or add active directory security groups.
>>> Any ideas would be appreciated.
>>> Thanks
>>>
>>>
>>>
>>
>>
>
>

I have read about about AZMAN but i think i will just go for a simple
wrapper though.
Thanks

"Joe Kaplan" <> wrote in message
news:...
> Sure, you could definitely do that. I would probably provide some sort of
> wrapper around the groups and the authorization function in general so
> that you can easily change this at runtime. Microsoft has a nice, very
> powerful framework for this type of thing call AzMan that you can use, or
> you could implement something more simple yourself.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
> Programming"
> http://www.directoryprogramming.net
> --
> "rote" <> wrote in message
> news:e0Fr$...
>> Thanks Joe for the prompt reply. It seems you are still with Accenture.
>> I'll be using Windows Auth and thats true i can use User.IsInRole method.
>> But what 'm consideriing is how i'm going to store the AD sceurity GROUPS
>> i
>> want to validate the users against.
>> I would like to have
>> <?xml version="1.0" encoding="ISO-8859-1"?>
>> <ActiveDirectory>
>> <groups>Tove</groups>
>> </note></ActiveDirectory>
>> then using the IsinRole method i would like to loop through the groups
>> node to check for security groups ..Is this achievable?
>> Thanks in advance
>>
>>
>> "Joe Kaplan" <> wrote in message
>> news:...
>>> Depending on the authentication model your app uses, ASP.NET may already
>>> know the user's security group membership. If you are using Windows
>>> authentication, you can just check User.IsInRole and do things like
>>> change the visibility of a control based on the result of that.
>>>
>>> Joe K.
>>>
>>> --
>>> Joe Kaplan-MS MVP Directory Services Programming
>>> Co-author of "The .NET Developer's Guide to Directory Services
>>> Programming"
>>> http://www.directoryprogramming.net
>>> --
>>> "rote" <> wrote in message
>>> news:...
>>>> My sceanrio is this on an asp.net 2.0 freamework.
>>>> I want to use any of the data controls e.g Gridview,DetailView etc..
>>>> But i want some buttons e.g update,edit save etc to be enable or
>>>> disabled based on if they belong to some security groups in active
>>>> directory.
>>>> I'm looking for the best options for this because i want to store those
>>>> security groups somewhere and then check for the
>>>> user against those security groups for their authorisation when they
>>>> lunch the application.
>>>> Preferably i would like to store them in an xml file and then write an
>>>> API to change, modify or add active directory security groups.
>>>> Any ideas would be appreciated.
>>>> Thanks
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>