.NET Forum / ASP.NET / General / April 2008

Active Directory, User Permissions, and .NET?

Spam Catcher - 21 Apr 2008 16:14 GMT
Hello All,

I need to integrate my application into Active Directory. My application
has the concept of groups, users, and also individual permissions. Users
can be part of a group such as administrators, but explicit permissions may
also be set.

Can Active Directory handle this too?

For example: Administrators can typically add/remove/edit/delete an item,
but one junior administrator may have delete disabled.

Can Active Directory handle this? How does one go about loading these
application permissions into AD? What's the best way to integrate into AD?

I know I can use the basic IsInRole check, but would this necessitate lots
of roles (one for each explicit permission)?

Any tutorials providing a comprehensive overview of Active Directory would
be great.

Thanks!

Signature

spamhoneypot@rogers.com (Do not e-mail)

Andy - 21 Apr 2008 16:40 GMT
Active Directory does not delegate permissions. Instead, its role is
only to confirm the identity of a user to your program.

It is up to your program to decide what kind of permissions to give to
a user once Active Directory has told your program who your user is.

Typically, this is done through a linked list implemented by your
program. You can see examples of this in SQL Server (you specify
Active Directory users in the security Logins and Roles lists, and
then assign specific access rights to each listed user in these lists)
and in SharePoint (you specify Active Directory users through
SharePoint screens and then indicate whether they are readers,
contributors, etc). In both cases, permissions are stored and granted
by each application and not Active Directory.
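
The application-side model described in this reply, applied to the junior-administrator case from the original question, as an added example that is not code from the thread: the application checks operations rather than roles, maps groups to operations in one place, and lets an explicit per-user deny override a group grant, so no role per permission is needed. The `PermissionStore` class, the `CONTOSO\...` names and the `Item.*` operation names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using Map = System.Collections.Generic.Dictionary<string, System.Collections.Generic.HashSet<string>>;

// Identity and group membership come from the IPrincipal (AD in production);
// the application owns the group-to-operation map and the per-user denies.
public sealed class PermissionStore
{
    private readonly Map _roleGrants = new Map(StringComparer.OrdinalIgnoreCase);
    private readonly Map _userDenies = new Map(StringComparer.OrdinalIgnoreCase);

    public void GrantRole(string role, params string[] ops) { Add(_roleGrants, role, ops); }
    public void DenyUser(string user, params string[] ops) { Add(_userDenies, user, ops); }

    private static void Add(Map map, string key, string[] ops)
    {
        HashSet<string> set;
        if (!map.TryGetValue(key, out set))
            map[key] = set = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        set.UnionWith(ops);
    }

    // An explicit deny wins over any grant; no matching grant means no access.
    public bool IsAllowed(IPrincipal principal, string operation)
    {
        if (principal == null || !principal.Identity.IsAuthenticated) return false;
        HashSet<string> denied;
        if (_userDenies.TryGetValue(principal.Identity.Name, out denied) && denied.Contains(operation))
            return false;
        foreach (KeyValuePair<string, HashSet<string>> grant in _roleGrants)
            if (grant.Value.Contains(operation) && principal.IsInRole(grant.Key))
                return true;
        return false;
    }
}
public static class Demo
{
    public static void Main()
    {
        var store = new PermissionStore();
        store.GrantRole(@"CONTOSO\AppAdmins", "Item.Add", "Item.Edit", "Item.Delete");
        store.DenyUser(@"CONTOSO\junior", "Item.Delete");
        // Constructed principals standing in for the WindowsPrincipal of an AD logon.
        var senior = new GenericPrincipal(new GenericIdentity(@"CONTOSO\senior"), new[] { @"CONTOSO\AppAdmins" });
        var junior = new GenericPrincipal(new GenericIdentity(@"CONTOSO\junior"), new[] { @"CONTOSO\AppAdmins" });
        Console.WriteLine("senior delete: {0}, junior delete: {1}, junior edit: {2}",
            store.IsAllowed(senior, "Item.Delete"), store.IsAllowed(junior, "Item.Delete"), store.IsAllowed(junior, "Item.Edit"));
    }
}
```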

Willy Denoyette [MVP] - 21 Apr 2008 17:17 GMT
> Hello All,
>
[quoted text clipped - 20 lines]
>
> Thanks!

You can use AD as a centralized policy store that holds
authorization policy for one or more applications.
Start here:
http://msdn2.microsoft.com/en-us/library/aa480244.aspx
to get an idea how you can use Authorization Manager as a high-end
authorization solution for .NET and native COM based applications.

Willy.

Spam Catcher - 21 Apr 2008 19:11 GMT
> You can use AD as a centralized policy store that holds
> authorization policy for one or more applications.
> Start here:
> http://msdn2.microsoft.com/en-us/library/aa480244.aspx
> to get an idea how you can use Authorization Manager as a high-end
> authorization solution for .NET and native COM based applications.

Thanks - I'll take a look at AzMan.

Do you have any experience with AzMan? Is it suitable for use in
redistributable applications? What I mean is, are the policies easily
packaged for deployment?

Also is the API for AzMan easy to use?

Thanks!

Signature

spamhoneypot@rogers.com (Do not e-mail)

Willy Denoyette [MVP] - 21 Apr 2008 20:24 GMT
>> You can use AD as a centralized policy store that holds
>> authorization policy for one or more applications.
[quoted text clipped - 8 lines]
> redistributable applications? What I mean is, are the policies easily
> packaged for deployment?

Well, it depends on what kind of store you are looking for and what you mean
exactly with "packaged for deployment".
The easiest AZRoles store to deploy is the XML file type, which can be used
as policy store to describe all tasks/roles etc for an application or a
group of applications. But in general you shouldn't use this kind of store
other than for prototyping and development.
All other store types (SQL Server, ADAM, AD) can be created/updated at
deployment time from code (script or other) using the AzMan APIs.

> Also is the API for AzMan easy to use?

Please define "easy".
All AzMan's functionality is exposed as a set of COM interfaces.
You can use these from scripting clients like VBScript and JScript as well as
from higher level languages like VB6, C#, VB.NET, C++ etc.
The exposed interfaces can be used for both "administration" and
"programming". That means that there is a set for administration, while
another set is meant for "application development".

Note that AzMan is only available on W2K and XP (as redistributable) and
W2K3 and higher (as part of the OS), note also that Vista and higher include
some additional functionality.

Willy.