First of all, thanks for reading my question. I hope you can help me. I have an application in ASP.NET with C# and I need to add security features. My client requests that the authentication be against the Active Directory of the organization, so I have an LDAP chain to do this... The other part of the problem is that my application uses specific roles on specific users, so I can't use the groups of the Active Directory.
I think I need to implement a double authentication: first the application authenticates that the user is valid via the LDAP query. Then, using the username from the LDAP query, the application has to compare it against a table or database that contains the users and their roles.
With this information the application will give access to the modules that the user is allowed to use.
I have researched this but I didn't find an implementation like this, only in separate ways.
Thanks for your help.
You can use one of the standard RoleProviders, such as SqlRoleProvider, in conjunction with Windows Authentication.
This blog post from Scott Guthrie gives a step-by-step recipe for doing this.
There's no need for a custom RoleProvider, unless you have other requirements that aren't met by the standard SqlRoleProvider.
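A web.config sketch of the setup this answer describes, added here as an example and not taken from the answer or the linked blog post. The connection string, the names `RolesDb`, `AppSqlRoleProvider` and `/MyApp`, the `ReportAdmins` role and the `Admin` path are all assumptions.

```xml
<configuration>
  <connectionStrings>
    <!-- Assumed database that holds the ASP.NET role tables (created with aspnet_regsql.exe). -->
    <add name="RolesDb"
         connectionString="Data Source=SQLHOST;Initial Catalog=AppRoles;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <!-- Identity comes from Active Directory; the application stores no passwords. -->
    <authentication mode="Windows" />

    <!-- Reject anonymous requests everywhere, so every request carries a DOMAIN\user name. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Roles come from the application's own SQL tables, not from AD groups.
         Users are keyed by their Windows name, e.g. DOMAIN\jsmith. -->
    <roleManager enabled="true"
                 defaultProvider="AppSqlRoleProvider"
                 cacheRolesInCookie="false">
      <providers>
        <clear />
        <add name="AppSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="RolesDb"
             applicationName="/MyApp" />
      </providers>
    </roleManager>
  </system.web>

  <!-- Per-module access: only members of the application role reach /Admin.
       Rules are evaluated top down, so the allow must precede the deny. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="ReportAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With `cacheRolesInCookie="false"` the provider is queried on each request, so removing a user from a role takes effect immediately instead of waiting for a cached role cookie to expire.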