ASP .NET authentication against Active Directory and Roles via ASP.NET role provider

Question

In my current project, we need to authenticate users of an ASP.NET application against Active Directory. I think it can be achieved using the membership provider without too much problems. but we need also to manage user roles that will be kept in the ASP roles management tool.

Did anyone implement this configuration? Does it look feasible? Any tip for one or the other point?

Thanks. David

Answer 1

Yes! The ASP.NET role provider is designed to work exactly in that case - the particulars of the authentication provider are irrelevant to the role provider, and it will store the bare essential information to make the two work together - basically the user's AD identity (domain\user) is tracked in the role database and matched up when necessary.

Answer 2

There is an ActiveDirectoryMembershipProvider that can be used to use Active Directory for authenticating users.

Alternatively, you could roll your own MembershipProvider by extending the abstract MembershipProvider class and then use System.DirectoryServices to check against Active Directory when validating a user (ValidateUser method of MembershipProvider). This is pretty straightforward to do and you need only implement the methods that you actually need in the custom provider.

You might consider implementing your own RoleProvider too, depending on whether the default fits your needs.