You are building an Intranet expense report application for your organization, and want to enable role-based authentication and authorization capabilities within it. Specifically, you want to create logical roles called “approvers”, “auditors”, and “administrators” for the application, and grant or deny end-users access to functionality within the application based on whether they are in these roles.

Because your application is an Intranet solution, you want to use Windows Authentication to log in the users accessing the application (so they do not have to log in manually). However, because the roles you want to define are specific to your application, you do not want to define or store them within your network’s Windows Active Directory. Instead, you want to define and store these roles within a database. You then want to map Windows user accounts stored within Active Directory to these roles, and grant or deny access within the application based on them.

In addition to using roles to authorize access to individual pages within the application, you want to dynamically filter the links displayed within the site’s menu navigation based on whether users have permission to those links. And lastly, you want to build a custom role-management administration UI directly into the expense report application so that “expense app administrators” can manage these roles and control who has access to the capabilities of the app:
Figure 1
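The scenario above maps onto a few web.config settings: Windows Authentication, a database-backed role provider, role-based page authorization, and security trimming of the site map. The fragment below is an added illustration, not configuration from the original post; the connection string name, database name, provider names and the `Approve.aspx` page are assumptions, while the role names come from the scenario.

```xml
<!-- web.config (constructed example; names other than the roles are assumed) -->
<configuration>
  <connectionStrings>
    <!-- Assumption: the ASP.NET role tables were created in this database with aspnet_regsql.exe -->
    <add name="ExpenseRolesDb"
         connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=ExpenseRoles;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- IIS identifies the caller via Windows (NTLM/Kerberos); there is no login form -->
    <authentication mode="Windows" />
    <!-- Reject anonymous requests site-wide so every request carries a Windows identity -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Roles are stored in SQL Server, not in Active Directory; user names are DOMAIN\user -->
    <roleManager enabled="true" defaultProvider="ExpenseSqlRoleProvider">
      <providers>
        <clear />
        <add name="ExpenseSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="ExpenseRolesDb"
             applicationName="/ExpenseReports" />
      </providers>
    </roleManager>
    <!-- securityTrimmingEnabled hides menu nodes whose URL the current user may not open -->
    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <clear />
        <add name="XmlSiteMapProvider"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>
  <!-- Page-level rule: only members of "approvers" may open the approval page.
       Rules are evaluated top-down, so the trailing deny closes the default allow. -->
  <location path="Approve.aspx">
    <system.web>
      <authorization>
        <allow roles="approvers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Because Windows Authentication supplies the identity, the accounts added to these roles in the database are Windows account names (for example `DOMAIN\alice`), and the application itself never handles a password.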