HI, 

Im currently using Windows Authentication to allow users access certain areas on my Intranet site.  Is it possible to allows these users access to certain content depending on their role.

I have no experience of using active directory (the user group has been set up in AD by a colleague).

What I need to do is test the role of the user on the page_load event and make certain content visible/invisible depending on their role.  There are two roles : managing_directors and managers.

Any advice appreciated!

Fiorano

This link got me going: http://www.asp.net/learn/3.5-videos/video-45.aspx

 The above video will help, but yes you can allow or deny access based upon roles. This is done in a web.config file in the main directory and in each directory you want to limit access to.

you can create one in each folder by right clicking the folder in solutions view and add a web configuration file

in the files you can set it up like this

<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
         <authorization>
              <deny users="*"/>
              <allow roles="Administrator, Applicant"/>
         </authorization>
    </system.web>
</configuration>

 
you can DENY USERS , or ALLOW USERS / DENY ROLES or ALLOW ROLES* = All users ? = Anonymous users there is also a way to deny users to a specific page 

Yes you can even set the Page Theme and StyleSheetTheme in here to instead of on the page.
don't forget if you do do it on a page by page basis you need the location node with all properties for each page you define, otherwise it works for the whole folder.
So use folder levels when designing for security.
ie
/Admin
/Employee
/Customer
/Applicant
Then in your web.config you can just deny all users and allow that role to access that particular folder. 
Next to set up roles.
First decide what levels of access and types of useres you will have then name your roles
next at the top of the "SOLUTIONS EXPLORER" box there is an icon with a planet and hammer
this takes you to the configuration page then click security and the create/manage roles
after you have created roles, go to manage users and place them into the role you want.
There are other features that use the role system like the LoginView if you need help with this I will post more. 
I can also show you how to create a user and assign them a role at the same time if you need.

 Sorry Above post got screwed up

&nbsp;<P>you can DENY USERS , or ALLOW USERS / DENY ROLES or ALLOW ROLES* = All users ? = Anonymous users there is also a way to deny users to a specific page

Yes you can even set the Page Theme and StyleSheetTheme in here to instead of on the page.</P><P>don't forget if you do do it on a page by page basis you need the location node with all properties for each page you define, otherwise it works for the whole folder.</P><P>So use folder levels when designing for security.</P><P>ie</P><P>/Admin</P><P>/Employee</P><P>/Customer</P><P>/Applicant</P><P>Then in your web.config you can just deny all users and allow that role to access that particular folder. </P><P>Next to set up roles.</P><P>First decide what levels of access and types of useres you will have then name your roles</P><P>next at the top of the "SOLUTIONS EXPLORER" box there is an icon with a planet and hammer</P><P>this takes you to the configuration page then click security and the create/manage roles</P><P>after you have created roles, go to manage users and place them into the role you want.</P><P>There are other features that use the role system like the LoginView if you need help with this I will post more. </P><P>I can also show you how to create a user and assign them a role at the same time if you need.</P>

 Thanks for the reply.

So,  the group of users for my application (eg, I_CONS_Users) as been set up in AD.  Are the two roles : Managing_Directors and Managers set up in AD, or, do I do this in the configuration page?

Hi there

You set your permissions based on access to the site - therefore your Managers will be able to see content based on their role. You can do this as the other posters have indicated by controlling access to a folder, using the web.config file, you can also control access to content by using the sitemap and indicating what certain roles can do / see.

But for your question, you will need to test the role based on how they are logging on to your application and then using Roles.IsUserInRole("Manager") to change content.

Hope this helps

]glo[