Custom Role Provider with ActiveDirectory Authentication

Question

I'm creating a custom Role provider based on the ASP.NET Role provider. I have 3 tables. One for Users, one for Roles, one for UsersInRoles.The Users table has no password column because the users are authenticated with ActiveDirectory. That's my approach so far. I can't get the cusstom Role Provider to work, anyone has the same situation like me. How do you make a custom Role provider works with AD?

Answer 1

What I did: create a class which inherits from System.Web.Security.RoleProvider, and choose "Implement abstract class" from the context menu when clicking on : Roleprovider. I only implemented the method GetRolesForUser (the other methods throw NotImplementedException).

At a certain point I thought I also needed to implement the MembershipProvider, but a simple addition to web.config fixed it (since the assembly is not in the GAC, in the type-attribute, you only need to mention the namespace+type-name; not the assembly name and other parameters):

<configuration>
  <system.web>
    <roleManager enabled="true" defaultProvider="MyRoleProvider">
      <providers>
        <clear />
        <add name="MyRoleProvider" type="Namespace.To.MyRoleProvider" />
      </providers>
    </roleManager>
  </system.web>
</configuration>

There is no need to implement the ValideUser method on a MembershipProvider.

Answer 2

You should be able to write the role provider in a manner to where you override the ValidateUser() method and force it to perform the AD lookup there. After that, most of the built in stuff should take over.