In my application using Windows Authentication, I have been manually creating user roles/membership stored in SQL (System.Web.Security.SqlRoleProvider enabled in web.config).
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="connMembership" applicationName="/" />
But now, as I am releasing the application, I need to change to using the company's Active Directory groups:
<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName" />
AND
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
I have two questions (sorry, I am really new to all this!):
1) Using ActiveDirectoryMembershipProvider and WindowsTokenRoleProvider now in my web.config, how do I restrict user access into different pages of the app? (i.e. is using Roles.IsUserInRole(username, "ADGroupName") the only way?)
2) How do I create an "admin" kind of role using Active Directory? I am asking because before (when still using SqlRoleProvider) I was able to create for myself an Admin group to add myself to in SQL, which has access to all pages/functionalities,
i.e. Roles.AddUserToRole(userName, Admin).
But now since I am part of a restricted AD group, I don't know how to override with some form of Admin security group to add myself to.
Would really appreciate your advice!!
Thanks!