Reputation: 2622
Windows Authentication Roles
I have created an MVC4 Web App with Windows Auth. Is it possible to define which users have access to what using something like: [Authorize(Roles="Admin")] without relying on AD i.e. specified within database table or within App itself?
Upvotes: 2
Views: 647
Answers (1)
Reputation: 32576
Absolutely. You need to create a custom role provider that checks role memberships based on whatever you have on the back end.
The custom role provider derives from System.Web.Security.RoleProvider, and you need to override at least the GetRolesForUser and IsUserInRole methods.
The GetRolesForUser method is the one used by the Authorize attribute. After the user is authenticated the attribute calls this method with the user's SamAccountName and expects the method to return a string[] containing the names of the roles the user is a member of.
See http://msdn.microsoft.com/en-us/library/8fw7xh74(v=vs.100).aspx for more details
Upvotes: 2
Related Questions
- using roles in asp.net with windows authentication
- Roles available with Windows Authentication
- Minor query about windows authentication using C# and custom roles
- ASP.NET Windows Authentication with Custom Roles
- Windows authentication based role management in ASP.NET Web Application
- SQL Windows Authentication Roles?
- windows forms security c#
- ASP.NET role management with windows authentication
- Authentication and Roles in WPF
- ASP.NET Roles with Windows Auth