Permissions depending on AD groups [duplicate]

-2

Good people, as I mentioned in some questions I'm developing a WebAPP query that needs to have a login through the network using Active Directory users. My goal is for a group to exist and I can declare in the application that only those in that group can have access other than "Access denied".  I have been standing at this point for some time and there is no one who has helped me so far. I have tried several methods but so far none works. I am new to ASP.NET and I needed your help. I'm working using VS 2012 on an "Empty WebApplication", not an MVC. I appreciate your help.

    
asked by anonymous 08.02.2017 / 12:24

2 answers

0

I ended up using this super simple and 100% functional code.

<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime />

    <authorization>
      <allow roles="dominio\grupo" />
      <deny users="*" />
    </authorization>
    <authentication mode="Windows" />
    <identity impersonate="true" />
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
        <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>
    
09.02.2017 / 12:20
0

Hello. You should use the System.DirectoryServices.AccountManagement classes for that purpose:

// Obtem o contexto do domínio
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAINNAME");

// Busca o usuário. 
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

// Busca o grupo em questão
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

if(user != null)
{
   // Verifica se o usuário está no grupo
   if (user.IsMemberOf(group))
   {
     // Caso positivo, faça alguma coisa
   } 
}

link

link

link

    
08.02.2017 / 21:41