In my application using Windows authentication, I manually created user / membership roles stored in SQL (System.Web.Security.SqlRoleProvider is included in web.config).
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="connMembership" applicationName="/" />
But now, when I release the application, I need to switch to using the company's Active Directory groups
<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName" />
and
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
I have two questions (sorry I'm really new to all of this!)
1) Using ActiveDirectoryMembershipProvider and WindowsTokenRoleProvider now in my web.config, how can I restrict user access to different pages of the application? (i.e. is using Roles.IsUserInRole(username, "ADGroupName") the only way?)
2) "admin" Active Directory? , ( SqlRoleProvider) Admin, SQL, /
i.e. Roles.AddUserToRole(userName, Admin).
, AD, , - , .