
Windows Authentication and NHibernateProvider role provider

Jun 6, 2008 at 4:49 PM

I want to use Windows authentication to log in the users accessing my application (avoiding them having to log in manually). However, because the roles I want to define are specific to my application, I do not want to define or store them within your network’s Windows Active Directory. Instead, I want to define and store these roles within a database. I want to map Windows user accounts stored within Active Directory to these roles, and grant/deny access within the application based on them.

Basically, I want to do something similar to this Recipe: Implementing Role Based Security with ASP.NET using Windows Authentication and SQL Server

but I want to use NHibernateProvider instead of the SQL Server provider. So my question is: is it possible to do that? I am getting an error when I am adding a role (probably because the user is not in the membershipuser table).


David Gauthier
Jul 14, 2008 at 6:35 PM

I apologize for taking so long to respond. I have been away from these projects for a while and I hope to get back into them as time permits.

I hope that you already got an answer to your question. If not, let me see if I can help you.

The NHibernateProvider is based on the fact that all relationships are maintained in the database. That is, the mapping of application, user, and role are in the database. This is only required for the RoleProvider to find the corresponding role assignment given a "user name" (whatever that is). Authentication is done independently using the MembershipProvider model, but it is not required to use the NHibernateProvider Membership Provider; you can use Windows Authentication for this.

In order to get the two to work together you have to:

  1. Comment out the MembershipProvider reference in your Web.config,
  2. Configure your web app to use Windows Authentication, and
  3. Configure the user names in the database.

When using Windows Authentication the user names are those corresponding to the NT user name. For example, domain\first.last. If you configure such user names and map them to your roles, it will all come together. The link between authentication and authorization is therefore done via the NT user name.
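
The three steps from the reply above, sketched as a Web.config; this is an added example, not part of the original reply or of the NHibernateProvider project. The provider name, the `type` string, `applicationName`, the `Admin` path and the `AppAdministrators` role are placeholders and assumptions to be replaced with the values from your own installation.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Step 2: let IIS/Windows establish the identity. The user name seen
         by the role provider is the NT account name, e.g. domain\first.last.
         IIS must have Windows Authentication enabled and anonymous access
         disabled, otherwise no NT identity reaches the application. -->
    <authentication mode="Windows" />

    <!-- Reject anonymous requests so every request carries an NT identity. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Step 1: no <membership> section is configured here. Windows does the
         authentication, so the membership provider entry stays removed or
         commented out. -->

    <!-- Roles still come from the database through the role provider.
         PLACEHOLDER values below: copy the real type and assembly name from
         the provider's own documentation. -->
    <roleManager enabled="true" defaultProvider="AppRoleProvider">
      <providers>
        <clear />
        <add name="AppRoleProvider"
             type="PLACEHOLDER.RoleProviderType, PLACEHOLDER.AssemblyName"
             applicationName="MyApp" />
      </providers>
    </roleManager>
  </system.web>

  <!-- Authorization by database role: only users whose NT name is mapped to
       the (hypothetical) AppAdministrators role may reach /Admin. Everyone
       else is denied, including authenticated users with no role mapping. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="AppAdministrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Step 3 happens in the database rather than in this file: the user rows must hold the NT names in the same `domain\user` form that Windows Authentication reports, since that string is the only link between the authenticated identity and its role assignments.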