3

I want to create a web-app (a website) used in house by staff only.

I want to use active directory membership provider to authenticate users. The thing that is confusing me is how do I manage profiles and roles, and also link users with a FK to other tables.

So far I'm thinking of doing something like this but not sure if it is even possible?

  • use Windows authentication (set in web.config)
  • use activedirectorymembership provider + sqlmembership provider?
  • Register users the first time they hit the site (get their email, name, etc from AD and create user in code and add to sql db)
  • Every time they re-hit the site, check the db if the user exists, if they do, log them in, if not create a new user in sqlmembership.
  • for all other tables use userid from Aspnet_User as an FK in other tables

Will this even work? Or is there a better obvious way of doing this?

Thanks

raklos
  • Could you please answer http://stackoverflow.com/questions/9588265/understanding-wcf-windows-authentication ? – LCJ Mar 06 '12 at 18:58

2 Answers

1

When using the ActiveDirectory Membership provider, you're authenticating your users against your Active Directory - there's no separate membership database involved (the user accounts are in Active Directory).

The role provider is using the Active Directory/Windows security groups and a user's membership in those groups - again: no separate role database / table involved.

If you want to use the Active Directory provider, then each new user coming to your site would need to be added to your Active Directory as a regular user account.

You cannot use both membership providers at the same time - either you're going against your AD and use the user accounts and groups defined there - (exclusive) OR you're rolling your own, and store user accounts and roles and user's membership in roles in a separate SQL Server database.

marc_s
  • I think this is more what I am after http://goo.gl/qrhTP. what do you reckon? also how about uniquely representing the user (with pk/fk) in the db - how should that be managed? – raklos Jul 21 '11 at 12:43
  • @raklos: yes, that blog post shows how to use the SqlRoleProvider - there's no mention of the ActiveDirectoryProvider anywhere .... you're using Windows Authentication for detecting the user names - but you'll have to create a "Roles" table in SQL Server, and fill it there. The AD provider isn't involved here in any way, really... – marc_s Jul 21 '11 at 15:05
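
The setup described in the answer and comment above (Windows authentication identifies the user, roles are stored in SQL Server, no membership provider is configured), shown as an added `web.config` example that is not part of the original posts. The connection string name `AppDb`, the server and database placeholders, the application name `/StaffApp`, the `admin` path and the role `StaffAdmin` are assumptions.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder server and database; the role tables must already
         exist in this database (created with aspnet_regsql.exe). -->
    <add name="AppDb"
         connectionString="Data Source=YOUR_SQL_SERVER;Initial Catalog=YOUR_DB;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <!-- IIS authenticates the caller against the domain; the app never
         handles a password. Anonymous access must be disabled in IIS. -->
    <authentication mode="Windows" />

    <!-- Deny anyone who did not authenticate ("?" = anonymous). -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Roles come from SQL Server, not from AD groups. <clear /> drops
         inherited providers so only this one is consulted. -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AppDb"
             applicationName="/StaffApp" />
      </providers>
    </roleManager>
  </system.web>

  <!-- Example of a role-restricted area: allow the role, deny the rest. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="StaffAdmin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this configuration `User.Identity.Name` is the `DOMAIN\username` string, and that same string is what gets passed to `Roles.AddUserToRole` when assigning a user to a SQL-stored role.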
0

Could you create a custom role and profile provider?

Then you can use the Windows username as FK, to reference the user to their roles and profiles.

nWorx