Good people, as I mentioned in some questions I'm developing a WebAPP query that needs to have a login through the network using Active Directory users. My goal is for a group to exist and I can declare in the application that only those in that group can have access other than "Access denied". I have been standing at this point for some time and there is no one who has helped me so far. I have tried several methods but so far none works. I am new to ASP.NET and I needed your help. I'm working using VS 2012 on an "Empty WebApplication", not an MVC. I appreciate your help.
Permissions depending on AD groups [duplicate]
-2
asked by anonymous 08.02.2017 / 12:24
2 answers
0
I ended up using this super simple and 100% functional code.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime />
<authorization>
<allow roles="dominio\grupo" />
<deny users="*" />
</authorization>
<authentication mode="Windows" />
<identity impersonate="true" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
09.02.2017 / 12:20
0
Hello. You should use the System.DirectoryServices.AccountManagement classes for that purpose:
// Obtem o contexto do domínio
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAINNAME");
// Busca o usuário.
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
// Busca o grupo em questão
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");
if(user != null)
{
// Verifica se o usuário está no grupo
if (user.IsMemberOf(group))
{
// Caso positivo, faça alguma coisa
}
}
08.02.2017 / 21:41