I have been customizing the TimeTrack strarter kit for use in a Intranet application. One of the requirements was to use Windows Authentication with the ASP.NET 2.0 Sitemap and Roles to control access and the menu options by Windows Security Group. With
a lot of Google searching and the help of Danny Chen specifically I was able to get it working.
None
0 Points
5 Posts
Windows Authentication and Roles
Jul 14, 2006 04:20 PM|Jeff Dickerson|LINK
I have been customizing the TimeTrack strarter kit for use in a Intranet application. One of the requirements was to use Windows Authentication with the ASP.NET 2.0 Sitemap and Roles to control access and the menu options by Windows Security Group. With a lot of Google searching and the help of Danny Chen specifically I was able to get it working.
Danny Chen Blog: http://weblogs.asp.net/dannychen/archive/2005/04/19/403365.aspx
1. Configure IIS Web Site/Virtual Directory to uses Integrated Authentication, uncheck Anonymous.
2. Modify web.config file to user Windows Authentication and use Windows Role Manager Provider
<
authentication mode="Windows"/><roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
3. Deny individual users not in roles and anoymous users.
<
authorization><
allow roles="domain\SecurityGroup1, domain\SecurityGroup2" /><
deny users="*, ?"/></
authorization>4. Setup the page access in the sitemap:
<
siteMapNode title="Page1" url="~/dir1/Page1.aspx" description="Home Page" Roles="domain\SecurityGroup1" /><siteMapNode title="Page2" url="~/dir2/Page2.aspx" description="Home Page" Roles="domain\SecurityGroup2" />
5. Set NTFS permissions on the directories.
dir1: Remove "Everyone", Add: domain\SecurityGroup1, webserver\ASPNET (Read,Exec,List)
dir2: Remove "Everyone", Add: domain\SecurityGroup2, webserver\ASPNET (Read,Exec,List)
6. Create User1 and add to SecurityGroup1 group, create User2 and add to SecurityGroup2 group
That was pretty much it. Danny's article goes into more detail if you need it. Hope this helps.
Jeff