Excerpt:
You are building an Intranet expense report application for your organization, and want to enable role-based authentication and authorization capabilities within it. Specifically, you want to create logical roles called “approvers”, “auditors”, and “administrators” for the application, and grant/deny end-users access to functionality within the application based on whether they are in these roles.

Because your application is an Intranet solution, you want to use Windows Authentication to log in the users accessing the application (avoiding them having to manually log in). However, because the roles you want to define are specific to your application, you do not want to define or store them within your network’s Windows Active Directory. Instead, you want to define and store these roles within a database. You then want to map Windows user accounts stored within Active Directory to these roles, and grant/deny access within the application based on them.

In addition to using roles to authorize access to individual pages within the application, you want to dynamically filter the links displayed within the site’s menu navigation based on whether users have permissions (or not) to those links. And lastly, you want to build in a custom role-management administration UI directly within the expense report application for “expense app administrators” to manage these roles and control who has access to the capabilities of the app:
Source: ScottGu’s Blog: Recipe: Implementing Role Based Security using Windows Authentication
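As an added illustration (not configuration taken from the post itself), the following web.config shows how these requirements map onto the built-in ASP.NET providers, assuming an ASP.NET application: Windows Authentication for login, the SQL role provider for application-specific roles, deny-by-default URL authorization for the three roles, security-trimmed site map for the menu, and a stricter rule on the admin area. The connection string, provider names, application name and the `Admin` path are hypothetical.

```xml
<configuration>
  <connectionStrings>
    <!-- Hypothetical database that holds the application's own roles (not AD groups). -->
    <add name="ExpenseRolesDb"
         connectionString="Server=.;Database=ExpenseApp;Integrated Security=SSPI;" />
  </connectionStrings>
  <system.web>
    <!-- Windows Authentication: the browser negotiates with the user's domain
         account, so nobody sees a login form. -->
    <authentication mode="Windows" />
    <!-- Roles are resolved from the database, keyed by the Windows account name. -->
    <roleManager enabled="true" defaultProvider="ExpenseSqlRoleProvider">
      <providers>
        <clear />
        <add name="ExpenseSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="ExpenseRolesDb"
             applicationName="/ExpenseReports" />
      </providers>
    </roleManager>
    <!-- Deny by default: only members of the three application roles get in.
         Rules are evaluated top to bottom; the first match wins. -->
    <authorization>
      <allow roles="approvers,auditors,administrators" />
      <deny users="*" />
    </authorization>
    <!-- Menu trimming: site map nodes the current user is not authorized
         to reach are omitted from navigation controls bound to it. -->
    <siteMap defaultProvider="TrimmedSiteMap" enabled="true">
      <providers>
        <add name="TrimmedSiteMap"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>
  <!-- Page-level authorization for the role-management UI. Trimming only hides
       the link; this rule is what actually rejects a non-administrator's request. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Security trimming is a UI convenience, so every protected page or folder still needs its own `<authorization>` rule, as the `Admin` location shows.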