views:

149

answers:

3

We are writing a web application to be deployed on our intranet. We want to implement role based security but would like to not write it all from scratch.

Is there anything built into .NET to do this or can anybody recommend a tool.

A: 

Yes, just take a look at the Membership API.

This blog post from Scott Guthrie has links to several resources to help you get started.

http://weblogs.asp.net/scottgu/archive/2006/02/24/asp.net-2.0-membership%5F2c00%5F-roles%5F2c00%5F-forms-authentication%5F2c00%5F-and-security-resources-.aspx

Rob Windsor
+1  A: 

Membership provider works well. I've provided a sample from our web.config:

<membership defaultProvider="CSLAMembershipProvider">
   <providers>
       <add name="CSLAMembershipProvider"
      type="..."
      functionalProvider="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
      enableSearchMethods="true"
      connectionProtection="None"
      attributeMapPasswordQuestion="..."
      attributeMapPasswordAnswer="..."
      attributeMapFailedPasswordAnswerCount="..."
      attributeMapFailedPasswordAnswerTime="..."
      attributeMapFailedPasswordAnswerLockoutTime="..."
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      minRequiredPasswordLength="1"
      minRequiredNonalphanumericCharacters="0"
      passwordStrengthRegularExpression="(?=.{8,})(?=(.*\d){1,})(?=(.*\W){1,})(?=(.*[a-z)){1,})(?=(.*^[a-z]){1,})"
      connectionStringName="..."
      />
   </providers>
</membership>
Mark Kadlec
+1  A: 

Also consider switching to authenticate against your central directory, like Active Directory if you run it, so you don't have to maintain two separate user account databases and passwords. This is quite easily done with the membership model like in this example. Groups in AD will be roles and so forth.

Oskar Duveborn
do you have any examples of code to use AD with an ASP.NET application?
Paul