The AD Administrator would create a group "Dmitry's VFP Application" and put the users in the group. It's based on their network login.

That group could be given access to the network folder where the application exists and/or the SQL Server database for the data.

Windows then handles things. If the user doesn't have access to the folder or SQL Server DB, then Windows refuses access (for SQL Server, it assumes you are using Windows Auth to get access)


>Hi,
>
>I am exploring how a VFP application can be authenticated via Active Directory. In concept, an Administrator of the VFP application should assign an AD person to the application. But how would this be done? Administrator cannot simply specify that "JOHN SMITH" is authorized to use the application, because AD can have more than one JOHN SMITH (as far as username). What unique ID from the AD would have to be set in the VFP application?
>
>TIA