|
|
You're in the
asp.net security
group:Does 'IsInRole()' check against Active Directory groups?
asp.net security:
I need to build in some role authentication for a web app... so, going to
use the web.config to build my rules for the location files. my question is.. does anyone know? on my development box (out of work), i'm out XP Pro... and i've created some groups and users to test it... in the real deal, it's going to be Win 2003 Server using Active Directory..... Obviously, i dont have AD on XP Pro..... Is it the same thing? Will it work the same? Will web.config be able to recognize the groups that a user belongs to to correctly authorize viewing a page based on role authentication? So, will IsInRole() check against groups created in Active Directory on
Yes. It depends on how users are being authenticated by IIS and how you
have ASP.NET configured, but if your web server is a member of a domain that can authenticate users in your target domain and you have ASP.NET configured for Windows authentication, IsInRole will answer true/false for the user's domain groups. Joe K. [quoted text, click to view] "Craig Vedur" <CraigVedur@discussions.microsoft.com> wrote in message news:A0DE7A20-1473-4EF8-A550-977974314D94@microsoft.com... >I need to build in some role authentication for a web app... so, going >to > use the web.config to build my rules for the location files. > > my question is.. does anyone know? > > on my development box (out of work), i'm out XP Pro... and i've created > some groups and users to test it... > > in the real deal, it's going to be Win 2003 Server using Active > Directory..... Obviously, i dont have AD on XP Pro..... Is it the > same > thing? Will it work the same? > > Will web.config be able to recognize the groups that a user belongs to to > correctly authorize viewing a page based on role authentication? > > > So, will IsInRole() check against groups created in Active Directory on > Win2003 Server?
Thats true as Joe adviced.
You can check my blog here for more info(There should be a blog relating to Role Bases Auth). http://spaces.msn.com/members/naijacoder/ Patrick [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:%23VtnLCDrFHA.2212@TK2MSFTNGP15.phx.gbl... > Yes. It depends on how users are being authenticated by IIS and how you > have ASP.NET configured, but if your web server is a member of a domain that > can authenticate users in your target domain and you have ASP.NET configured > for Windows authentication, IsInRole will answer true/false for the user's > domain groups. > > Joe K. > > "Craig Vedur" <CraigVedur@discussions.microsoft.com> wrote in message > news:A0DE7A20-1473-4EF8-A550-977974314D94@microsoft.com... > >I need to build in some role authentication for a web app... so, going > >to > > use the web.config to build my rules for the location files. > > > > my question is.. does anyone know? > > > > on my development box (out of work), i'm out XP Pro... and i've created > > some groups and users to test it... > > > > in the real deal, it's going to be Win 2003 Server using Active > > Directory..... Obviously, i dont have AD on XP Pro..... Is it the > > same > > thing? Will it work the same? > > > > Will web.config be able to recognize the groups that a user belongs to to > > correctly authorize viewing a page based on role authentication? > > > > > > So, will IsInRole() check against groups created in Active Directory on > > Win2003 Server? > >
Thanks Joe, this worked. I have another question.
Initially, i had a login page on my app and used System.DirectoryServices.dll to query AD to authenticate a user / pass. However, it appears that .NET handles this all for me if i disable anonymous access and use the integerated windows auth. Is this true? My app poped up a login screen for user / pass / domain. [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" wrote:
> Yes. It depends on how users are being authenticated by IIS and how you > have ASP.NET configured, but if your web server is a member of a domain that > can authenticate users in your target domain and you have ASP.NET configured > for Windows authentication, IsInRole will answer true/false for the user's > domain groups. > > Joe K. > > "Craig Vedur" <CraigVedur@discussions.microsoft.com> wrote in message > news:A0DE7A20-1473-4EF8-A550-977974314D94@microsoft.com... > >I need to build in some role authentication for a web app... so, going > >to > > use the web.config to build my rules for the location files. > > > > my question is.. does anyone know? > > > > on my development box (out of work), i'm out XP Pro... and i've created > > some groups and users to test it... > > > > in the real deal, it's going to be Win 2003 Server using Active > > Directory..... Obviously, i dont have AD on XP Pro..... Is it the > > same > > thing? Will it work the same? > > > > Will web.config be able to recognize the groups that a user belongs to to > > correctly authorize viewing a page based on role authentication? > > > > > > So, will IsInRole() check against groups created in Active Directory on > > Win2003 Server? > >
Yes, definitely use the built in stuff if you can.
Generally, people do forms auth against AD if there is a technical or policy problem with making the web server a domain member or someone really wants forms auth and wants to torture their devs. The Ldap-based MembershipProvider thing in .NET 2.0 should simplify this more though. Joe K. [quoted text, click to view] "Craig Vedur" <CraigVedur@discussions.microsoft.com> wrote in message news:7B224F7E-EFE1-44D8-A1AE-72469411E086@microsoft.com... > Thanks Joe, this worked. I have another question. > > Initially, i had a login page on my app and used > System.DirectoryServices.dll to query AD to authenticate a user / pass. > > However, it appears that .NET handles this all for me if i disable > anonymous > access and use the integerated windows auth. Is this true? > > My app poped up a login screen for user / pass / domain. > > > > "Joe Kaplan (MVP - ADSI)" wrote: > >> Yes. It depends on how users are being authenticated by IIS and how you >> have ASP.NET configured, but if your web server is a member of a domain >> that >> can authenticate users in your target domain and you have ASP.NET >> configured >> for Windows authentication, IsInRole will answer true/false for the >> user's >> domain groups. >> >> Joe K. >> >> "Craig Vedur" <CraigVedur@discussions.microsoft.com> wrote in message >> news:A0DE7A20-1473-4EF8-A550-977974314D94@microsoft.com... >> >I need to build in some role authentication for a web app... so, >> >going >> >to >> > use the web.config to build my rules for the location files. >> > >> > my question is.. does anyone know? >> > >> > on my development box (out of work), i'm out XP Pro... and i've >> > created >> > some groups and users to test it... >> > >> > in the real deal, it's going to be Win 2003 Server using Active >> > Directory..... Obviously, i dont have AD on XP Pro..... Is it the >> > same >> > thing? Will it work the same? >> > >> > Will web.config be able to recognize the groups that a user belongs to >> > to >> > correctly authorize viewing a page based on role authentication? >> > >> > >> > So, will IsInRole() check against groups created in Active Directory on >> > Win2003 Server? >> >> >>
Thats true actually i just came across this article here at:-
http://blogs.msdn.com/gduthie/archive/2005/08/17/452905.aspx using MembershipProvider thing in .NET 2.0 . Patrick [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:e6mxkjRrFHA.1128@TK2MSFTNGP11.phx.gbl... > Yes, definitely use the built in stuff if you can. > > Generally, people do forms auth against AD if there is a technical or policy > problem with making the web server a domain member or someone really wants > forms auth and wants to torture their devs. The Ldap-based > MembershipProvider thing in .NET 2.0 should simplify this more though. > > Joe K. > > "Craig Vedur" <CraigVedur@discussions.microsoft.com> wrote in message > news:7B224F7E-EFE1-44D8-A1AE-72469411E086@microsoft.com... > > Thanks Joe, this worked. I have another question. > > > > Initially, i had a login page on my app and used > > System.DirectoryServices.dll to query AD to authenticate a user / pass. > > > > However, it appears that .NET handles this all for me if i disable > > anonymous > > access and use the integerated windows auth. Is this true? > > > > My app poped up a login screen for user / pass / domain. > > > > > > > > "Joe Kaplan (MVP - ADSI)" wrote: > > > >> Yes. It depends on how users are being authenticated by IIS and how you > >> have ASP.NET configured, but if your web server is a member of a domain > >> that > >> can authenticate users in your target domain and you have ASP.NET > >> configured > >> for Windows authentication, IsInRole will answer true/false for the > >> user's > >> domain groups. > >> > >> Joe K. > >> > >> "Craig Vedur" <CraigVedur@discussions.microsoft.com> wrote in message > >> news:A0DE7A20-1473-4EF8-A550-977974314D94@microsoft.com... > >> >I need to build in some role authentication for a web app... so, > >> >going > >> >to > >> > use the web.config to build my rules for the location files. > >> > > >> > my question is.. does anyone know? > >> > > >> > on my development box (out of work), i'm out XP Pro... and i've > >> > created > >> > some groups and users to test it... > >> > > >> > in the real deal, it's going to be Win 2003 Server using Active > >> > Directory..... Obviously, i dont have AD on XP Pro..... Is it the > >> > same > >> > thing? Will it work the same? > >> > > >> > Will web.config be able to recognize the groups that a user belongs to > >> > to > >> > correctly authorize viewing a page based on role authentication? > >> > > >> > > >> > So, will IsInRole() check against groups created in Active Directory on > >> > Win2003 Server? > >> > >> > >> > >
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |