I am writing an asp 2.0 website where existing AD users can log in.
I am using ActiveDirectoryMembershipProvider for this task and it
works.

Now I need to define roles for these users (admin, author, user...)
These roles are not defined as groups in AD (in fact there could be
other web-applications with a different set of roles and users), so I
am looking into creating a separate database where these roles are
stored and mapped to the AD-users.




same database Visual Studio 2005 creates. But in my case I have
Memberships defined in AD and Roles should be in SQL-DB.

Is this possible? Am I missing something basic? How could I map roles
to users?
I am using IIS, so I have no access to the ASP.Net Configuration Tool
to set up roles.


Thanks for any hints!


Reinhard

You can mix and match membership providers and role providers, as long as
you key (the username) you are using works in each system you store the user
data in. I don't see a problem with doing this except that keeping SQL in
sync with AD will likely suck, especially if there are many users in AD and
there is a lot of ID provisioning activity in the directory.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Reinhard" <c.robin (AT) gmx (DOT) at> wrote