|
Authorization is a process that determines if a user has a particular privilege on a Store or Partition. A user may be directly granted the privilege or it the privilege may be granted to role that the user belongs to or to the special Anonymous user.
The roles that a user belongs to are determined by consulting the Role Provider configured for the service. Refer to see the documentation for the securityManager section of the serverConfig.xml file for details on how this configuration is achieved. The Web3 Platform provides a pluggable architecture for role providers and implements three role providers which you can choose to use.
| • | Null Role Provider
This is the simplest of the providers - it always returns no roles for the user. This means that all privileges must be assigned directly to a particular user or to the Anonymous user. |
| • | Active Directory Role Provider
This role provider uses Active Directory to determine the roles for the user. The list of roles returned by this provider is the list of all Active Directory groups that the user is a member of. This role provider works well with the Windows Authentication method when the Web3 server is part of an Active Directory domain. |
| • | ASP.NET Role Provider
This role provider delegates to the ASP.NET role provider configured for the web application. It returns the list of roles provided by calling the GetRolesForUser method on the ASP.NET role provider using the authenticated user identity. |
|