15.3. Working with Windows Authentication
Although the most likely scenario that folks think of for SqlRoleProvider is to use it in applications with forms authentication, SqlRoleProvider and the Role Manager feature work perfectly fine in applications using Windows authentication. Typically, you would use NT groups or more advanced authorization stores such as Authorization Manager for many intranet production applications. However, it is not uncommon for developers to create intranet applications in which they do not want or need the overhead of setting up and maintaining group information in a directory store. This can be the case for specialized applications that have only a small number of users, and it can also be the case for "throw-away" intranet applications.
Although I would not advocate using SqlRoleProvider for long-lived internal applications or for complex line-of-business applications, knowing that you can use Role Manager for intranet applications adds another option to your toolbox for quickly building internal websites with reasonable authorization requirements. In the case of a web application using Windows authentication, SqlRoleProvider will automatically create a row in the common aspnet_Users table the very first time a Windows user is associated with a role. The important thing is to use the correct format for the username when adding users to roles or removing users from roles. The username that is available from HttpContext.Current.User.Identity.Name ...
Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
