AD Group Restrictions

1

I am currently developing a web app where I have already been able to have the login confirm the credentials of the user in AD. Basically the login already works correctly. My goal now is to create 1 group in AD and specify that only those in this group can access the application. Does anyone know how I can do this?

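    using System;
    using System.Runtime.InteropServices;
    [DllImport("advapi32.dll")]
    public static extern bool LogonUser(string name, string domain, string pass, int logType, int logpv, ref IntPtr pht);
    protected void Button1_Click(object sender, EventArgs e)
    {
        IntPtr th = IntPtr.Zero;
        // logType 2 = LOGON32_LOGON_INTERACTIVE, logpv 0 = LOGON32_PROVIDER_DEFAULT
        bool log = LogonUser(txt_user.Text, "dominio", txt_pass.Text, 2, 0, ref th);
        if (log)
        {
            // Credentials were accepted by AD; no group check happens yet
        }
    }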
    
asked by anonymous 03.02.2017 / 12:20

2 answers

1

I ended up using this super simple and 100% functional code.

    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <httpRuntime />
        <authorization>
          <allow roles="dominio\grupo" />
          <deny users="*" />
        </authorization>
        <authentication mode="Windows" />
        <identity impersonate="true" />
      </system.web>
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <directoryBrowse enabled="true" />
      </system.webServer>
    </configuration>
    
09.02.2017 / 12:18
1

Hello. You should use the System.DirectoryServices.AccountManagement classes for this purpose:

    using System.DirectoryServices.AccountManagement;

    // Get the domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAINNAME");

    // Look up the user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    // Look up the group in question
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

    // IsMemberOf throws if the group was not found, so check both lookups
    if (user != null && group != null)
    {
        // Check whether the user is in the group
        if (user.IsMemberOf(group))
        {
            // If so, do something
        }
    }

08.02.2017 / 21:44
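
The two steps discussed on this page, validating the credentials and then checking the AD group, combined into one helper. This is an added example, not code from the question or from either answer; `AdGroupGate` and `IsAuthorized` are hypothetical names. It uses `GetAuthorizationGroups()` so that membership through nested security groups counts, and it denies access whenever a lookup fails.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

public static class AdGroupGate
{
    // Hypothetical helper: true only when the credentials are valid AND the
    // account belongs (directly or through nested groups) to the required group.
    public static bool IsAuthorized(string domain, string groupName,
                                    string userName, string password)
    {
        // Reject blank input before touching the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, domain))
            {
                // 1. Authentication: does AD accept this user name and password?
                if (!ctx.ValidateCredentials(userName, password))
                    return false;

                // 2. Authorization: resolve the user and the required group.
                using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
                using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
                {
                    if (user == null || group == null)
                        return false; // unknown user or group: deny

                    // GetAuthorizationGroups() expands nested security groups;
                    // compare by SID rather than by display name.
                    using (var groups = user.GetAuthorizationGroups())
                    {
                        return groups.Any(g => g.Sid != null && g.Sid.Equals(group.Sid));
                    }
                }
            }
        }
        catch (PrincipalException)
        {
            return false; // directory unreachable or lookup failed: fail closed
        }
    }
}
```

In the question's `Button1_Click`, the call would be `AdGroupGate.IsAuthorized("dominio", "grupo", txt_user.Text, txt_pass.Text)`, where `grupo` stands for the group name.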