I have a .Net application which has authentication and fine grained feature access control managed via a proprietary database (i.e. a flat file). By "fine grained" I mean, for example, access control permissions enable some users to click on
a specific button in the UI while other users only ever see a that button as a disabled button.
Ideally I'd like to get rid of my proprietary database and and the utility code which allows a user to edit the database. As we're in a Windows environment I was immediately drawn towards Active Directory because it seems so much of my work life is controlled by IT and their Active Directory settings.
My first problem is I know nothing about Active Directory. I've quickly become overrun with new terms such as Group Policy, Application Access Control Policy & Access Control List. I'm having such a hard time finding guidelines/tutorials etc on doing what I'm trying to do I'm starting to think I've made a mistake and the purpose of Active Directory is for authentication and for Windows access control, not for access control of home grown .Net applications.
My current thought is to attempt to make each fine grained permission an Active Directory Object (ADO), define roles for using my app as Active Directory Groups (ADG) and through Access Control Lists associate an ADG or some ADG's with each ADO.
At the moment I think my only answerable question is what type of ADO should I use?
Ideally I'd like to get rid of my proprietary database and and the utility code which allows a user to edit the database. As we're in a Windows environment I was immediately drawn towards Active Directory because it seems so much of my work life is controlled by IT and their Active Directory settings.
My first problem is I know nothing about Active Directory. I've quickly become overrun with new terms such as Group Policy, Application Access Control Policy & Access Control List. I'm having such a hard time finding guidelines/tutorials etc on doing what I'm trying to do I'm starting to think I've made a mistake and the purpose of Active Directory is for authentication and for Windows access control, not for access control of home grown .Net applications.
My current thought is to attempt to make each fine grained permission an Active Directory Object (ADO), define roles for using my app as Active Directory Groups (ADG) and through Access Control Lists associate an ADG or some ADG's with each ADO.
At the moment I think my only answerable question is what type of ADO should I use?