There's a similar approach with windows authentication, as with forms authentication. You still have to manually assign the users/roles in WindowsAuthentication_Authenticate to get the full benefit of user and role verification using parameter attributes - or web.config user/role declarations.
Here's the code (in vb) to map the values in...
[this example code uses a custom class with the function GenericPrincipal(e.Identity, roleStrng) to create the User. It's just a thin class containing the user name, and role list.]
Sub WindowsAuthentication_Authenticate(ByVal sender As Object, ByVal e As WindowsAuthenticationEventArgs)
Dim roleStrng() As String = GetUserRoles()
e.User = New GenericPrincipal(e.Identity, roleStrng)End Sub
Private Function GetUserRoles() As String()
Dim myDomain As AppDomain = Thread.GetDomain()
myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
Dim al As New ArrayList
Dim myPrincipal As WindowsPrincipal = CType(Thread.CurrentPrincipal, WindowsPrincipal)
Dim wbirFields As Array = [Enum].GetValues(GetType(WindowsBuiltInRole))
Dim roleName As Object
For Each roleName In wbirFields
Try
If myPrincipal.IsInRole(CType(roleName, WindowsBuiltInRole))
Then
al.Add(roleName.ToString())
End If
Catch
End Try
Next roleName
Return CType(al.ToArray(GetType(String)), String())
End Function
[note, users and roles belong to domains in windows. so you may need to explicitly use the "domain\account" syntax. e.g. "domain\user" or "domain\role"]