Consider this scenario, I am trying to determine if it's possible or the
right way to go about things.

I have an application that I would like to implement security on. I want 3
roles-- User, Admin, and Power User.

I would like to use web.config to specify which NT accounts belong to to
each groups, for example:
DOMAIN\User1, DOMAIN\User2 in User
DOMAIN\User3 in Admin
DOMAIN\User4, DOMAIN\User5 in Power User

And within I will use logic to check to see if the current user belongs to
Power User before displaying a label, for example.

Any ideas/examples? Thanks!

Wells Oliver
Web Application Programmer
Leviton Voice & Data
xxx-xxx-xxxx
http://www.levitonvoicedata.com

Wells,

	I know what you're trying to do is very possible via forms
authentication when you roll your own authentication because we are using
this method in our project.  The HttpContext.Current.User class (accessible
via Page.User in a WebForm) implements IPrincipal which has a
.IsInRole(string) method used to check if a user is included in a particular
role.  Judging the similiarity of NT roles and the ASP.NET security model I
would like to make the assumption that .IsInRole("Power User") or
.IsInRole("Administrator") would work as expected.  Give it a shot and let
us all know if it works.

- Chuck

-----Original Message-----
From: Oliver, Wells [mailto:WOliver@l...]
Sent: Monday, September 16, 2002 1:04 PM
To: ASP+
Subject: [aspx] Role-based security in web.config-- putting NT accounts
into role s?


Consider this scenario, I am trying to determine if it's possible or the
right way to go about things.

I have an application that I would like to implement security on. I want 3
roles-- User, Admin, and Power User.

I would like to use web.config to specify which NT accounts belong to to
each groups, for example:
DOMAIN\User1, DOMAIN\User2 in User
DOMAIN\User3 in Admin
DOMAIN\User4, DOMAIN\User5 in Power User

And within I will use logic to check to see if the current user belongs to
Power User before displaying a label, for example.

Any ideas/examples? Thanks!

Wells Oliver
Web Application Programmer
Leviton Voice & Data
xxx-xxx-xxxx
http://www.levitonvoicedata.com


---

ASP.NET 1.0 Namespace Reference with C#
http://www.wrox.com/acon11.asp?ISBN=1861007442

ASP.NET 1.0 Namespace Reference with VB.NET
http://www.wrox.com/acon11.asp?ISBN=1861007450

These books are a complete reference to the ASP.NET namespaces 
for developers who are already familiar with using ASP.NET. 
There is no trivial introductory material or useless .NET 
hype and the presentation of the namespaces, in an easy-to use 
alphabetical order ensures a user-friendly reference format.
We provide in-depth coverage of all the major ASP.NET classes, 
giving you those real-world tips that the documentation doesn't 
offer, and demonstrating complex techniques with simple 
examples.  

---

Thanks for the response. I think I've got it as far as programmatic access
to the role checks, but I'm not sure how to put the individual NT accounts
into roles when _not_ using forms authentication. I am using only Windows
Authentication.

I'd love to have this done via web.config for ease of maintenance.

-----Original Message-----
From: Feduke Cntr Charles R [mailto:FedukeCR@m...] 
Sent: Monday, September 16, 2002 10:53 AM
To: ASP+
Subject: [aspx] RE: Role-based security in web.config-- putting NT account s
into role s?


Wells,

	I know what you're trying to do is very possible via forms
authentication when you roll your own authentication because we are using
this method in our project.  The HttpContext.Current.User class (accessible
via Page.User in a WebForm) implements IPrincipal which has a
.IsInRole(string) method used to check if a user is included in a particular
role.  Judging the similiarity of NT roles and the ASP.NET security model I
would like to make the assumption that .IsInRole("Power User") or
.IsInRole("Administrator") would work as expected.  Give it a shot and let
us all know if it works.

- Chuck