Permissions according to groups of AD

Asked

Viewed 263 times

-2

Good people, as I mentioned in some questions I am developing a query Webapp that needs to have a login through the network using the users of Active Directory. My goal is that there is a group and that I can declare in the application that only those who are in that group can have access otherwise to "Access denied". I’ve been at this point for some time and there’s no one who’s been able to help me so far. I have tried several methods but so far none works. I am new to ASP.NET and I needed your help. I am working using VS 2012 on an " Empty Webapplication" not an MVC. I’d appreciate your help.

c# asp.net security-guard login active-directory
  • 1

    Another duplicate: Permissions management using Active Directory

  • Welcome to [en.so]. I realized that you are creating multiple questions for the same problem, when it won’t actually help you get an answer faster, instead read the guide [Ask] and do a [tour]to learn a little more about the operation of the site so increase your chances of getting a good response.

  • These are my two questions that have not been clarified. Thank you.

  • @jbueno obviously liked to see my question solved but in my previous questions it did not happen. I’m sorry if I’m being repetitive but I really needed help. Thank you.

  • 3

    Well, try to be more detailed, show the relevant code (create a complete and verifiable minimum example), explain well what is happening. I really point you to read the links I posted in the previous comment. In the current way, the only thing that will happen is to publish questions and they end up being closed.

  • Right now I’m starting from scratch once again, what happened is that I put IIS windows authentification mode on VS the same thing and when I used the code that was given to me by @Juniorpirio just did nothing. I’ve done a lot of research so far and nothing’s working either. I would appreciate it if you did not give much work and if you do not mind help me or explain yourself. As I said I am still "newbie"

  • @jbueno also the question that was indicated as duplicate has not even an answer therefore ...

  • Never mind. First: the fact that the questions have been asked by you already characterizes duplicate. Second, there’s no point in you asking repeated questions.

  • So how can I get an answer ?

  • I talked about it in the comment above.

Show 5 more comments

2 answers

0

I ended up using this super simple code and 100% functional.

<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime />

    <authorization>
      <allow roles="dominio\grupo" />
      <deny users="*" />
    </authorization>
    <authentication mode="Windows" />
    <identity impersonate="true" />
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
        <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

0

Hello. You should use the classes of System.DirectoryServices.Accountmanagement for such a purpose:

// Obtem o contexto do domínio
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAINNAME");

// Busca o usuário. 
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

// Busca o grupo em questão
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

if(user != null)
{
   // Verifica se o usuário está no grupo
   if (user.IsMemberOf(group))
   {
     // Caso positivo, faça alguma coisa
   } 
}

http://www.marcioalthmann.net/2014/02/descobrindo-grupos-autorizacao-usuario-dominio/

https://social.msdn.microsoft.com/Forums/pt-BR/8fd13d9f-a4d4-40ae-997f-eabd5a270af8/como-descobrir-os-usurios-de-um-grupo-do-ad-via-web-part-c?forum=sharepointpt

https://stackoverflow.com/questions/12029378/how-to-check-if-a-user-belongs-to-an-ad-group

  • The first link is not accessible, I will test and then if it works mark as response.

Browser other questions tagged c# asp.net security-guard login active-directory

You are not signed in. Login or sign up in order to post.