How to authorize users against Windows groups using the AspNetWindowsTokenRoleProvider

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

If you use Windows groups for authorization, consider using the ASP.NET role provider named AspNetWindowsTokenRoleProvider. This separates the design of the authorization from its implementation inside your service: if you later decide to change the role provider, the code that performs the authorization is not affected. Also consider performing imperative checks through the role manager API instead of calling WindowsPrincipal.IsInRole.

The following configuration example shows how to configure AspNetWindowsTokenRoleProvider.
  1. Enable the role manager and configure it to use AspNetWindowsTokenRoleProvider as the default provider:
<system.web>
…
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider" />
…
</system.web>
  2. Configure the service behavior to use the UseAspNetRoles principal permission mode and the role provider:
<behaviors>
    <serviceBehaviors>
        <behavior name="BehaviorConfiguration">
            <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                roleProviderName="AspNetWindowsTokenRoleProvider" />
            <serviceMetadata />
        </behavior>
    </serviceBehaviors>
</behaviors>
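
An imperative check through the role manager API, as recommended above, could look like the following inside a service operation. This is an added example, not code from the original guidance; the contract IReportService, the operation GetLedger and the group CONTOSO\Accounting are hypothetical, and it assumes Windows authentication with the configuration shown above.

```csharp
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Web.Security;   // role manager API (reference System.Web.dll)

[ServiceContract]
public interface IReportService            // hypothetical contract
{
    [OperationContract]
    string GetLedger(string accountId);
}

public class ReportService : IReportService
{
    // Placeholder group. With AspNetWindowsTokenRoleProvider a role name
    // is a Windows group name in DOMAIN\Group form.
    private const string AccountingRole = @"CONTOSO\Accounting";

    public string GetLedger(string accountId)
    {
        DemandRole(AccountingRole);          // authorize before any work
        return "ledger for " + accountId;    // protected work goes here
    }

    private static void DemandRole(string role)
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;

        // Fail closed when the call carries no authenticated identity.
        if (ctx == null || ctx.IsAnonymous ||
            ctx.PrimaryIdentity == null || !ctx.PrimaryIdentity.IsAuthenticated)
        {
            throw new SecurityAccessDeniedException("Access is denied.");
        }

        // The check goes through the configured default role provider, so
        // replacing the provider in configuration leaves this code unchanged.
        if (!Roles.IsUserInRole(ctx.PrimaryIdentity.Name, role))
        {
            // Same generic message as above: the caller learns nothing
            // about which role was required.
            throw new SecurityAccessDeniedException("Access is denied.");
        }
    }
}
```

Keeping the check in one helper gives a single place to add auditing of denied calls.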

Last edited May 8, 2008 at 1:46 AM by prashantbansode, version 1
