1

We are building an intranet application that would use integrated windows authentication. The application would require custom actions and roles to secure different parts and functions.

My current idea is to extend active directory by storing the roles and actions in a different database linked to an active directory user using the SID. That way we know who the user is and fetch his allowed roles (with the actions) from our database without much hassle.

Do you think this is a good approach or are there better ways of dealing with these things?

I have read this post: User Group and Role Management in .NET with Active Directory
But Active Directory does not support programmatically creating roles and there is no support for custom actions whatsoever.

4

1 回答 1

1

有几个选项浮现在脑海中:

  • 您可以将 ADAM(又名 AD LDS)用于您的角色存储 - 编程模型与 AD 相同,这很好;
  • 您可以使用 AzMan(又名授权管理器) - 它与 ASP.NET 很好地集成,您可以将它与内置角色提供程序一起使用。它可以将其数据存储在 XML 或 AD 中。此外,EntLib 带有一个 AzMan 包装器,因此您可以通过另一种方式使用它。我非常喜欢 AzMan,因为您可以随时更改用户角色。
于 2009-09-03T14:22:52.423 回答