You are building an Intranet expense report application for your organization, and want to enable role-based authentication and authorization capabilities within it. Specifically, you want to create logical roles called “approvers”, “auditors”, and “administrators” for the application, and grant/deny end-users access to functionality within the application based on whether they are in these roles.
Because your application is an Intranet solution, you want to use Windows Authentication to login the users accessing the application (avoiding them having to manually login). However, because the roles you want to define are specific to your application, you do not want to define or store them within your network’s Windows Active Directory. Instead, you want to define and store these roles within a database. You then want to map Windows user accounts stored within Active Directory to these roles, and grant/deny access within the application based on them.
In addition to using roles to authorize access to individual pages within the application, you want to dynamically filter the links displayed within the site’s menu navigation based on whether users have permissions (or not) to those links. And lastly, you want to build-in a custom role-management administration UI directly within the expense report application for “expense app administrators” to manage these roles and control who has access to the capabilities of the app:
I've put together a detailed post that walks through step-by-step how to implement all of this. You can read it here, and download the completed sample I walk through how to build here.
Hope this helps,