Deferred to: http://www.ideablade.com/forum/forum_posts.asp?TID=483 - http://www.ideablade.com/forum/forum_posts.asp?TID=483

 

Once a user is authenticated, authorization determines what that user is allowed to see or do.  Often this is accomplished by assigning the user string-valued roles stored in the Principal object.  This is created on the server and passed back to the client where it may be queried via the IsInRole() method of the Principal object.

 

If more authorization information is needed, you could create a custom Principal object.

 

I really don't know much about Active Directory.

 

Bill J.

 

If a user is not authorized to add a new entity (they can edit), how do I make that happen?

 

If a user is not authorized to view a portion of the data (only division A data, for example), how do I limit various view, lists, modules, etc.?

 

I figure, if there is a general way to do this (service, injection, etc.), I can extend it to work with my active directory.

 

Since this is security in a CAB application, I thought it best to leave this issue here.

 

Thanks!

Bill