Restrictions of AD Groups

1

I’m currently developing a web app where I have already managed to get the login to confirm the user credentials in the AD. Basically, the login already works correctly. My goal now is to create 1 group in AD and specify that only those in that group can access the application. Does anyone know how to do this?

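    // requires: using System.Runtime.InteropServices;
    [DllImport("advapi32.dll")]
    public static extern bool LogonUser(string name, string domain, string pass, int logType, int logpv, ref IntPtr pht);

    protected void Button1_Click(object sender, EventArgs e)
    {
        IntPtr th = IntPtr.Zero;
        // logType 2 = LOGON32_LOGON_INTERACTIVE, logpv 0 = LOGON32_PROVIDER_DEFAULT
        bool log = LogonUser(txt_user.Text, "dominio", txt_pass.Text, 2, 0, ref th);
        if (log)
        {
            // Credentials are valid; the group restriction is not implemented yet
        }
    }
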
  • Is it possible to add more details to the question? For example: what does the class you log in with look like?

  • I’ve done a lot of research and found this code, and so far it’s working. It can recognize the user and tell me whether the credentials are right or wrong. What I’m missing now, as I said, is the restriction: only those who are in the AD group should have access to the application.

2 answers

1


I ended up using this super simple and 100% functional code.

    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <httpRuntime />
        <authorization>
          <allow roles="dominio\grupo" />
          <deny users="*" />
        </authorization>
        <authentication mode="Windows" />
        <identity impersonate="true" />
      </system.web>
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <directoryBrowse enabled="true" />
      </system.webServer>
    </configuration>

0

Hello. You should use the classes of System.DirectoryServices.AccountManagement for this purpose:

    using System.DirectoryServices.AccountManagement;

    // Get the domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAINNAME");

    // Look up the user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    // Look up the group in question
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

    // FindByIdentity returns null when no match is found, so check both
    if (user != null && group != null)
    {
        // Check whether the user is in the group
        if (user.IsMemberOf(group))
        {
            // If so, do something
        }
    }

http://www.marcioalthmann.net/2014/02/descobrindo-grupos-autorizacao-usuario-dominio/

https://social.msdn.microsoft.com/Forums/pt-BR/8fd13d9f-a4d4-40ae-997f-eabd5a270af8/como-descobrir-os-usurios-de-um-grupo-do-ad-via-web-part-c?forum=sharepointpt

https://stackoverflow.com/questions/12029378/how-to-check-if-a-user-belongs-to-an-ad-group
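
An added example, not part of the original question or answers: it keeps the question's `LogonUser` login and adds the group restriction by checking the returned logon token with `WindowsPrincipal.IsInRole`, failing closed on any error and releasing the token handle. The class name `AdGroupGate`, the method `IsAuthorized` and the group name `dominio\grupo` are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper (name is illustrative, not from the original posts).
public static class AdGroupGate
{
    private const int LOGON32_LOGON_INTERACTIVE = 2; // same value the question passes as logType
    private const int LOGON32_PROVIDER_DEFAULT = 0;  // same value the question passes as logpv

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string name, string domain, string pass,
        int logType, int logpv, ref IntPtr pht);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Returns true only when the credentials are valid AND the logon token
    // carries the required group, e.g. @"dominio\grupo".
    public static bool IsAuthorized(string user, string domain, string pass, string requiredGroup)
    {
        if (string.IsNullOrWhiteSpace(user) || string.IsNullOrEmpty(pass) ||
            string.IsNullOrWhiteSpace(requiredGroup))
            return false; // fail closed on missing input

        IntPtr token = IntPtr.Zero;
        if (!LogonUser(user, domain, pass, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, ref token))
            return false; // wrong password, unknown or locked account, etc.

        try
        {
            // WindowsIdentity duplicates the token, so the original can be closed below.
            using (var identity = new WindowsIdentity(token))
            {
                // Group membership is read from the token built at logon.
                return new WindowsPrincipal(identity).IsInRole(requiredGroup);
            }
        }
        finally
        {
            CloseHandle(token); // the question's handler never releases this handle
        }
    }
}
```

In `Button1_Click`, the result of `AdGroupGate.IsAuthorized(txt_user.Text, "dominio", txt_pass.Text, @"dominio\grupo")` replaces the bare `LogonUser` check, and the session is granted only when it returns true.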
