Handling Multiple AD Groups?

  • Question

  • User172485341 posted

    We've just implemented AD and now want to utilize it within our intranet apps.  I'm developing an (asp.net/vb.net) application with at least 50 groups (2 people in each group) and want to capture each group (name) so that I can tailor the data returned to a specific group.

    My thought was to create a global group (Global_Group) that I would assign all 50 groups to...Group1, Group2...

    Then I would allow the Global_Group access within my web.config file.  From there I know they are allowed initial access and then would search through the current user's group names until I found Group#.  Using the found Group# I could then tailor my data to display only information as it relates to this current user's specific groups.

    I'm not sure if this is the best way, so I wanted to get some feedback/advice.  I didn't want to have to hardcode all 50 group names into the web.config file.  Bottom line is I want single sign-on and tailored data.

     Thanks for your time and assistance.

      

    Wednesday, October 11, 2006 5:33 PM

All replies

  • User230740928 posted

    Hi, I have to design an AD with the same purpose as your requirement, in that I have an AD to manage access of multiple users to multiple domains. The outline of my solution is as follows:

    Design AD: 

    • Create groups for roles, such as myapp_rolename (finance_administrator, finance_guest, ...)
    • Create users and assign each user to groups: one user may be included in several groups, such as finance and invoice; for example, one user is a member of finance_guest, invoice_administrator, inventory_user, inventory_administrator

    Coding:

    • You get all roles of the user by getting the memberOf of the user; for example, you can get: finance_guest, invoice_administrator, inventory_user, inventory_administrator
    • Parse all the groups of the user to find out whether the user has roles in the application: for example, I need to validate user access to inventory with the application (I specify the application ID in the web.config), and parsing the user above I get 2 roles, administrator and user, and apply access.

    Any more questions and real code???

    Monday, October 23, 2006 10:39 PM
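
The group-to-role parsing described in the reply above, as an added VB.NET example that is not code from either poster. It assumes Windows authentication, groups named `<appId>_<role>`, and a constructed `CORP` domain; the module and function names are hypothetical.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Module GroupRoleExample

    ' Returns the roles a list of group names grants for one application.
    ' Assumed naming scheme: "<appId>_<role>", optionally prefixed "DOMAIN\".
    Function RolesForApp(ByVal groupNames As IEnumerable(Of String), ByVal appId As String) As List(Of String)
        Dim roles As New List(Of String)()
        Dim prefix As String = appId & "_"
        For Each fullName As String In groupNames
            ' Strip the "DOMAIN\" part that NTAccount names carry.
            Dim name As String = fullName.Substring(fullName.LastIndexOf("\"c) + 1)
            ' Require the full "<appId>_" prefix: a substring test would let
            ' "inventory2_user" count as a role in "inventory".
            If name.Length > prefix.Length AndAlso _
               name.StartsWith(prefix, StringComparison.OrdinalIgnoreCase) Then
                Dim role As String = name.Substring(prefix.Length).ToLowerInvariant()
                If Not roles.Contains(role) Then roles.Add(role)
            End If
        Next
        Return roles
    End Function

    ' Reads group names from the authenticated user's Windows token,
    ' never from anything the browser sends.
    Function GroupNamesOf(ByVal identity As WindowsIdentity) As List(Of String)
        Dim names As New List(Of String)()
        For Each sid As IdentityReference In identity.Groups
            Try
                names.Add(sid.Translate(GetType(NTAccount)).Value)
            Catch ex As IdentityNotMappedException
                ' SID with no resolvable name: skip it, it cannot grant a role.
            End Try
        Next
        Return names
    End Function

    Sub Main()
        ' Constructed sample memberships, using the group names from the reply.
        Dim sample As String() = {"CORP\finance_guest", "CORP\invoice_administrator", _
                                  "CORP\inventory_user", "CORP\inventory_administrator"}
        Dim roles As List(Of String) = RolesForApp(sample, "inventory")
        ' An empty list means no role in this application: deny by default.
        If roles.Count = 0 Then Console.WriteLine("access denied") _
        Else Console.WriteLine(String.Join(", ", roles.ToArray()))
    End Sub

End Module
```

In a page, `GroupNamesOf(CType(User.Identity, WindowsIdentity))` supplies the list, and the application ID would come from web.config as the reply suggests.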