Recipe: Implementing Role Based Security with ASP.NET using Windows Auth and SQL Server
 
Published: 23 Jul 2006
Unedited - Community Contributed
Abstract
In this article, scott demonstrates how to implement role based security using Windows Authentication and SQL Server.
by Scott Guthrie
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 20877/ 69

Introduction

Republished with Permission - Original Article

Problem

You are building an Intranet expense report application for your organization, and want to enable role-based authentication and authorization capabilities within it.  Specifically, you want to create logical roles called “approvers”, “auditors”, and “administrators” for the application, and grant/deny end-users access to functionality within the application based on whether they are in these roles.

Because your application is an Intranet solution, you want to use Windows Authentication to login the users accessing the application (avoiding them having to manually login).  However, because the roles you want to define are specific to your application, you do not want to define or store them within your network’s Windows Active Directory.  Instead, you want to define and store these roles within a database.  You then want to map Windows user accounts stored within Active Directory to these roles, and grant/deny access within the application based on them.

In addition to using roles to authorize access to individual pages within the application, you want to dynamically filter the links displayed within the site’s menu navigation based on whether users have permissions (or not) to those links.  And lastly, you want to build-in a custom role-management administration UI directly within the expense report application for “expense app administrators” to manage these roles and control who has access to the capabilities of the app:

Figure 1

Solution 

I've put together a detailed post that walks through step-by-step how to implement all of this.  You can read it here, and download the completed sample I walk through how to build here.

Hope this helps,

Scott

Resources



User Comments

Title: Drop Down List instead of textBox   
Name: Roderick
Date: 2007-08-03 4:50:00 PM
Comment:
Scott, Great article!! it's been of a lot help now, I was wondering how to use a drop down list with all the users in it instead of typing them in... I've try a lot of things but nothing seems to work. I got the users to display in the drop down list but then when i hit "update" it would go back to first user which is Admin...Any help will be great

Thanks in advance,
Roderick






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2019 ASPAlliance.com  |  Page Processed at 2019-11-20 7:13:43 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search