Integrating a Database driven application with Active Directory RRS feed

  • Question

  • Below are the requirements for a sample application that needs to integrate with active directory.  Any suggestions?

    Sample application:  EmployeeList


    1. This application presents a list of employees to a user.
    2. The list should only display those employees that the user has access to. 
    3. The employee data is stored in an Employees table in a database. 
    4. Administrators must be able to define which users can access each employee record by specifying active directory users and groups.
    5. The application must be able to handle up to 100,000 employees.

    What is the best practice for storing the access permissions and checking the permissions at run time?

    For Example:

    1. Employee A can be accessed by anyone in the Sales active directory group

    2. Employee B can be accessed by anyone in the Corporate active directory group

    3. Employee C can be accessed only by John Doe in active directory

    John Doe is a member of the Corporate group in active directory.  When John Doe accesses the application he should only be presented with Employee B and C in the list.

    What is the best way for the application to store permissions and determine which employees to present to the user John Doe?  What data do you store in the database for each record?  How does the application use this data to determine which employee records to display?

    Performanc is key!

    Any suggestions or can anyone director me to a sample application that implements the best practices for this type of solution?

    Saturday, February 25, 2006 6:18 PM