Permissions management using Active Directory

0

I'm developing an ASP.NET C # application and at the moment I'm at the sign-in point that is almost finished.

I'm using <authentication mode="Windows"></authentication> and a code that allows the application to verify that the credentials are correct.

I'm just missing code that restricts group permissions.

I would like you to give me a simple code that allows me to basically give the permission to enter the application only the users that are within the existing AD group.

<configuration>
    <system.web>
      <authorization>
        <allow roles="meudominio\Grupo"/>
        <deny users="*"/>
      </authorization>
    <compilation targetFramework="4.0" debug="true"/>
  </system.web>
</configuration>
    
asked by anonymous 06.02.2017 / 12:51

2 answers

0

I ended up using this super simple and 100% functional code.

<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime />

    <authorization>
      <allow roles="dominio\grupo" />
      <deny users="*" />
    </authorization>
    <authentication mode="Windows" />
    <identity impersonate="true" />
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
        <directoryBrowse enabled="true" />
  </system.webServer>
    
09.02.2017 / 12:25
2

To assign permissions simply for AD groups, you can include the following settings in Web.Config. This setting below shows which users or groups allow access to the application.

Users

<configuration>
  <system.web>
    <authorization>
      <allow users="domainname\user1,domainname\user2,domainname\user3" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Groups

<configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
    
06.02.2017 / 13:09