We are building an intranet application that would use Integrated Windows Authentication. The application would require custom actions and roles to secure different parts and functions.

My current idea is to extend active directory by storing the roles and actions in a different database linked to an active directory user using the SID. That way we know who the user is and fetch his allowed roles (with the actions) from our database without much hassle.

Do you think this is a good approach or are there better ways of dealing with these things?

I have read this post: http://stackoverflow.com/questions/726837/user-group-and-role-management-in-net-with-active-directory
But Active Directory does not support programmatically creating roles and there is no support for custom actions whatsoever.

Answer (+1):

A couple of options spring to mind:

  • you could use ADAM (aka AD LDS) for your roles store - the programming model is the same as AD, which is nice;
  • you could use AzMan (aka Authorization Manager) - it integrates nicely with ASP.NET and you can use it with the built-in Roles provider. It can store its data in XML or in AD. Also, the EntLib comes with an AzMan wrapper, so you've another way to use it. I quite like AzMan because you can make changes to user roles on the fly.
serialhobbyist
I wish I could give you more upvotes for introducing me into AzMan, a whole new world has opened for me :D
Peter
Thanks! I'm glad I could help. How are you using it? Are you just doing Roles or have you gone down to the level of tasks and operations?
serialhobbyist
I'm going all the way using tasks and operations. It is everything I wanted to build myself, only better :)
Peter
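As an added example (not code from the question or the answer above), this is what the "tasks and operations" model the commenters describe looks like against the AzMan COM API from C#: an operation is the smallest securable unit, a task groups operations, a role definition groups tasks, and a role assignment grants the definition to principals identified by SID, which is exactly the SID-keyed lookup the question wanted without a separate database. The store URL, application name, operation name and ID are hypothetical; it needs a reference to the AzRoles interop assembly (tlbimp over %SystemRoot%\System32\azroles.dll or the Microsoft.Interop.Security.AzRoles primary interop assembly) and runs only on Windows.

```csharp
// Added example, not part of the original post. Builds a small AzMan policy and then
// performs a runtime AccessCheck for the calling Windows user.
// Assumptions (hypothetical): store path, application name, operation name/ID.
using System;
using System.Security.Principal;
using Microsoft.Interop.Security.AzRoles;

class AzManExample
{
    // Hypothetical file-based store; msldap://... would put the same policy in AD or AD LDS.
    const string StoreUrl = @"msxml://C:\inetpub\IntranetApp\App_Data\AzManStore.xml";
    const string AppName = "IntranetApp";
    const int ApproveInvoiceOp = 1;   // operation IDs are application-defined integers

    // Policy build-out: operation -> task -> role definition -> role assignment (by SID).
    static void CreatePolicy(string memberSid)
    {
        var store = new AzAuthorizationStoreClass();
        store.Initialize(1 /* AZ_AZSTORE_FLAG_CREATE */, StoreUrl, null);

        IAzApplication app = store.CreateApplication(AppName, null);

        IAzOperation op = app.CreateOperation("ApproveInvoice", null);
        op.OperationID = ApproveInvoiceOp;
        op.Submit(0, null);

        IAzTask task = app.CreateTask("ProcessInvoices", null);
        task.AddOperation("ApproveInvoice", null);
        task.Submit(0, null);

        // A role definition is a task flagged as such (COM BOOL, hence 1).
        IAzTask roleDef = app.CreateTask("Accountant", null);
        roleDef.IsRoleDefinition = 1;
        roleDef.AddTask("ProcessInvoices", null);
        roleDef.Submit(0, null);

        // The assignment links the definition to members; membership is by SID string.
        IAzRole assignment = app.CreateRole("Accountant", null);
        assignment.AddTask("Accountant", null);
        assignment.AddMember(memberSid, null);
        assignment.Submit(0, null);

        app.Submit(0, null);
        store.Submit(0, null);
    }

    // Runtime check for the caller, as an ASP.NET handler under Windows auth would do it.
    static bool CanApproveInvoice(string invoiceId)
    {
        var store = new AzAuthorizationStoreClass();
        store.Initialize(0, StoreUrl, null);
        IAzApplication app = store.OpenApplication(AppName, null);

        // Client context from the caller's token: group SIDs come from the token, so
        // AD group nesting is honoured without any lookup code of our own.
        IntPtr token = WindowsIdentity.GetCurrent().Token;
        IAzClientContext ctx = app.InitializeClientContextFromToken((ulong)token.ToInt64(), null);

        object[] scopes = { "" };                 // "" = application-level scope
        object[] operations = { ApproveInvoiceOp };
        object[] results = (object[])ctx.AccessCheck(invoiceId, scopes, operations,
                                                     null, null, null, null, null);
        // One result per requested operation: 0 (NO_ERROR) allowed, 5 (ERROR_ACCESS_DENIED) denied.
        return (int)results[0] == 0;
    }

    static void Main()
    {
        string sid = WindowsIdentity.GetCurrent().User.Value;   // caller's own SID, for the demo
        CreatePolicy(sid);
        Console.WriteLine("ApproveInvoice on Invoice-42: " +
                          (CanApproveInvoice("Invoice-42") ? "allowed" : "denied"));
    }
}
```

Two practitioner notes: check operations, not role names, at the call site (AccessCheck against an operation ID), so that reassigning tasks between roles "on the fly" needs no code change; and keep in mind that AzMan has been deprecated since Windows Server 2012, so a new design would more likely express the same operation/task/role hierarchy as claims-based or policy-based authorization, but the model in this example carries over directly.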