Active Directory
Message
From
30/10/2005 21:43:14
 
General information
Forum: ASP.NET
Category: The Mere Mortals .NET Framework
Environment versions
Environment: C# 1.1
OS: Windows XP SP2
Network: Windows 2003 Server
Database: MS SQL Server
Miscellaneous
Thread ID: 01054899
Message ID: 01063418
Views: 13
I am currently playing with this for my first “real” MM.NET web project. My implementation uses AD for authentication, MM.NET for authorization, and SharePoint Portal Server Profiles to display registered user information (but it would be just as easy to use AD directly). I automatically try to log everyone in based on the current identity running IE. If they are a registered app user, then it logs them in; if not, it redirects them to a request access page. My implementation does not attempt to cross-walk registered users’ AD groups to MM.NET Roles… maybe later I will explore this, but most users have no idea what is out there as far as AD groups are concerned.

My implementation is a little ugly, but once I iron out the bugs I’ll probably abstract all this to use a provider model for User and Role and use SPS Web Services to look up profile info rather than hard-tying it to a cross-db view. If anyone sees something wrong with this or a better way to do it, please let me know.

Basic steps:
• Configure the IIS virtual directory
    ◦ Do not allow anonymous connections
    ◦ Check Integrated Windows authentication (if all users are on IE)
• Extend DB if necessary – I added a vUsers view which ties registered app users to the SPS Profile DB to display email and other custom SPS attributes
• Subclass the mmUser class to return data from the appropriate data store (AD, SharePoint, etc) - I
• Subclass the mmRoles class if necessary
• Subclass mmUserManager, override AuthenticateUser(), and override CreateUserManager() in your Factory.cs class if necessary.
• Customize User/Role admin page (I added an import users page to search AD for users)
• Add login/redirection logic to Global.Session_Start - I created a simple LogonUtility which performs login, logout, and redirection logic.
    ◦ Logon – CreateUserManager, AuthenticateUser, set Session["mmUserSecurity_UserPk"]
• Subclass mmBaseWebPage and mmBusinessWebPage and override RedirectToLogin() to perform custom redirection logic. I also set RequiresSecurity to true for both of the classes.

LogonUtility.cs
using System;

using OakLeaf.MM.Main;
using OakLeaf.MM.Main.Managers;


namespace MyNamespace.Web.Utilities
{
	/// <summary>
	/// Summary description for LogonUtility.
	/// </summary>
	public class LogonUtility
	{
		private System.Web.HttpContext	_context		= null;
		private string					_requestedUrl	= string.Empty;
		private string					_userName		= string.Empty;
		private bool					_authenticated	= false;

		private LogonUtility() {}
		public LogonUtility( System.Web.HttpContext context ){
			try{
				this._context = context;
				this._requestedUrl	= this._context.Request.Url.AbsolutePath;
				this._authenticated	= this._context.User.Identity.IsAuthenticated;
				this._userName		= this._context.User.Identity.Name;
			}catch(System.Exception err){
				OakLeaf.MM.Main.mmAppBase.Log.WriteException( err );				
			}
		}

		public string RequestedUrl{
			get{ return this._requestedUrl; }
		}

		public string UserName{
			get{ return this._userName; }
		}

		public string GetRedirectToRequestAccessPage(){
			OakLeaf.MM.Main.Managers.mmAppSettingsManager appSettings = OakLeaf.MM.Main.mmAppBase.Factory.CreateAppSettingsManager();

			string redirectPage = appSettings.GetSectionSetting("appSettings","RequestAccessPage","/RequestAccess.aspx?{0}");
			string queryString	= string.Format("url={0}", System.Web.HttpUtility.UrlEncode( this._requestedUrl ));

			return string.Format(redirectPage, queryString );
		}
		public void RedirectToRequestAccessPage(){
			this.RedirectToRequestAccessPage( GetRedirectToRequestAccessPage() );
		}

		public void RedirectToRequestAccessPage( string redirectPath ){
			this._context.Response.Redirect( redirectPath, true );
		}

		public bool Login(  ){
			mmUserManager userManager = null;
			try{
				userManager = mmAppBase.Factory.CreateUserManager();

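				// The password is empty because the user name comes from the identity
				// IIS established through Integrated Windows authentication
				if (userManager.AuthenticateUser(this._userName,string.Empty, mmAppBase.DatabaseMgr.GetSecurityDatabaseKey()) ) {
					// Record the authenticated user's PK in the session
					this._context.Session["mmUserSecurity_UserPk"]=userManager.UserPK;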

					// If a Language PK is specified, save it to the mmCurrentLanguage session variable
					if (userManager.CurrentLanguage != null) {
						this._context.Session["mmCurrentLanguage"] = userManager.CurrentLanguage;
					}

					return true;
				}
			}catch(System.Exception err){
				OakLeaf.MM.Main.mmAppBase.Log.WriteException( err );

				this._context.Session["mmUserSecurity_RedirectionUrl"] = this.GetRedirectToRequestAccessPage();
				return false;
			}

			this._context.Session["mmUserSecurity_RedirectionUrl"] = this.GetRedirectToRequestAccessPage();
			return false;
		}

		public void Logout() {
			try{
				this._context.Session.Remove("mmUserSecurity_UserPk");
			}catch{}
		}

	}
}
Global.cs
protected void Session_Start(Object sender, EventArgs e) {
	// Get the current user
	MyNamespace.Web.Utilities.LogonUtility logonUtility  = new MyNamespace.Web.Utilities.LogonUtility( HttpContext.Current );

	if( !logonUtility.Login() ){  
		//I do this because I want everyone to be logged in and 
		//    registered to be able to access any functionality 
		logonUtility.RedirectToRequestAccessPage();
	}
}
App myBusinessWebPage sub classes
using System;

namespace MyNamespace.Web.UI
{
	/// <summary>
	/// Derive all application business web pages from this class rather than mmBusinessWebPage.
	/// </summary>
	public class myBusinessWebPage : OakLeaf.MM.Main.Web.UI.mmBusinessWebPage
	{
		public myBusinessWebPage() : base() {
			this.RequiresSecurity = true;
		}

		public override void RedirectToLogin() {
			MyNamespace.Web.Utilities.LogonUtility util = new MyNamespace.Web.Utilities.LogonUtility( System.Web.HttpContext.Current );
			util.RedirectToRequestAccessPage();
		}
	}
}


If you need some more (i.e. Custom User Manager page, User Import Page), let me know and I'll post it here.

Hope this helps a little.
MAS
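
Added example (not part of the original post or of MM.NET): because Login() passes an empty password and relies entirely on the identity IIS supplies, a check like this can run on HttpContext.User.Identity before AuthenticateUser() is called, so a virtual directory that still allows anonymous access cannot log anyone in. WindowsIdentityGuard and GetTrustedUserName are hypothetical names, and the DOMAIN\user requirement is an assumption about how registered users are keyed.

```csharp
using System;
using System.Security.Principal;

namespace MyNamespace.Web.Utilities
{
	// Hypothetical helper, not an MM.NET class.
	// Decides whether the identity ASP.NET received from IIS is safe to use
	// as the only login credential.
	public sealed class WindowsIdentityGuard
	{
		private WindowsIdentityGuard() {}

		// Returns the account name (DOMAIN\user), or null when the identity
		// must not be trusted as a login.
		public static string GetTrustedUserName( IIdentity identity ){
			// Anonymous access left enabled in IIS shows up here as an
			// unauthenticated identity with an empty name
			if (identity == null || !identity.IsAuthenticated) {
				return null;
			}

			// Only a Windows token vouches for the name; any other identity
			// type could carry an arbitrary string
			WindowsIdentity windowsIdentity = identity as WindowsIdentity;
			if (windowsIdentity == null
				|| windowsIdentity.IsAnonymous
				|| windowsIdentity.IsGuest
				|| windowsIdentity.IsSystem) {
				return null;
			}

			string name = identity.Name;
			if (name == null || name.Trim().Length == 0) {
				return null;
			}

			// Assumption: registered users are stored as DOMAIN\user, so a
			// bare or malformed name is rejected rather than matched loosely
			int slash = name.IndexOf('\\');
			if (slash <= 0 || slash == name.Length - 1) {
				return null;
			}
			return name;
		}
	}
}
```

In Login(), a null result would be handled like a failed AuthenticateUser(): set the redirection URL and return false.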