Permissions management using Active Directory


0

I am developing an ASP.NET C# application and at the moment I am at the login point which is almost finished.

I’m using <authentication mode="Windows"></authentication> and code that allows the application to verify that the credentials are correct.

I’m just missing the code that restricts permissions to groups.

I would like to be pointed to some simple code that basically lets me grant permission to enter the application only to users who are in the existing AD group.

<configuration>
  <system.web>
    <authorization>
      <allow roles="meudominio\Grupo"/>
      <deny users="*"/>
    </authorization>
    <compilation targetFramework="4.0" debug="true"/>
  </system.web>
</configuration>

  • How do you want to restrict? Will each group have access to a particular module? Or will there be one group that can access the application?

  • Right now I just want to access the application.

  • But in the future I think I can use the roles to restrict each function to a group.

  • And how do you communicate with Active Directory? With some lib?

  • [DllImport("advapi32.dll")]
    public static extern bool LogonUser(string name, string domain, string pass, int logType, int logpv, ref IntPtr pht);
    protected void Button1_Click(object sender, EventArgs e)
    {
        IntPtr th = IntPtr.Zero;
        bool log = LogonUser(txt_name.Text, "meudominio", txt_pass.Text, 2, 0, ref th);
        if (log)

  • Right now I’m using this code


2 answers

2

To easily assign permissions to AD groups, you can include the following settings in Web.Config. The settings below show which users or groups are allowed access to the application.

Users

<configuration>
  <system.web>
    <authorization>
      <allow users="domainname\user1,domainname\user2,domainname\user3" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

Groups

<configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

  • It was a shame to have to give a +1 (your reputation was cool :p). Joking aside, I liked the simplistic response.

  • When you refer to "Managers", do you mean the right group name?

  • 1

    @Andrebrandao That’s right, AD roles.

  • @jbueno kkkkk Thank you for getting me out of 666, you saved me. hahahaha !

  • Thank you, I’ll test and then give feedback.

  • @It seemed to be working but it was a lapse. At the moment it does nothing about permissions.

  • I will edit my question with the code of my Web.Config


0


I ended up using this super simple and 100% functional code.

<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime />

    <authorization>
      <allow roles="dominio\grupo" />
      <deny users="*" />
    </authorization>
    <authentication mode="Windows" />
    <identity impersonate="true" />
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>
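
The comments on the question mention restricting each module to a group later on. As an added example, not taken from any of the posts above, this Web.config combines the application-wide group rule from the answers with a per-folder rule in a `<location>` element; the domain, group and folder names are hypothetical.

```xml
<!-- Added example (not from the posts above). "domainname", "AppUsers",
     "Managers" and the "Admin" folder are hypothetical names. -->
<configuration>
  <system.web>
    <!-- The role rules only work when IIS hands ASP.NET a Windows identity:
         enable Windows Authentication and disable Anonymous Authentication
         for the site in IIS. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- Rules are evaluated top-down and the first match wins,
           so the allow rule must come before the catch-all deny. -->
      <deny users="?" />                     <!-- reject anonymous requests -->
      <allow roles="domainname\AppUsers" />  <!-- who may enter the application -->
      <deny users="*" />                     <!-- everyone else -->
    </authorization>
  </system.web>

  <!-- Rules for one module (a folder or a single page). They are checked
       before the application-wide rules above. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="domainname\Managers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```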
