Login with network user(AD)

Asked

Viewed 4,616 times

7

I need to log the user into my system, with the user who is logged in to the company network. I’ve never done this and I’m having doubts about how to get users on AD. I’m doing research on the net and I still can’t understand how to find this user. The question is: How do I get the user logged in to the network and then on my system? Usage MVC5, Visual Studio 2013, C#.

So, I took this code from another forum and it worked, but there’s one boring thing still to solve. It brings me the domain and/or machine name, in this format: Domain User. How do I remove the domain and bar? Below is my solution:

public ActionResult CadastroCargo()
        {
            ViewBag.User = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

            return View();
        }
c# asp.net-mvc-5 security-guard active-directory

2 answers

6

If you are going to create a new project, just use the ASP.NET Web Application project template, choose MVC, next there is the Change Authentication option :

inserir a descrição da imagem aqui

Then choose Windows Authetication option, which is for intranet applications.

Click ok, and you’re done. You have a Web Application catching the AD user.

Note that on the Web.Config application the authentication part will be authetication mode="Windows" :

 <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

If you want to limit which users or groups will access your site, just add the rules, for example :

 <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Windows" />
    <authorization>
      <allow roles="meudominio\Grupo1,meudominio\Grupo2" />
      <allow users="meudominio\usuario1" />
      <deny users="*" />
    </authorization>
  </system.web>

This way you block access for all users, but allows all users of Group1 and Group2, and the user.

Simple as that.

  • Yeah, switch to <authentication mode="Windows" />. Your project was already looking for users from somewhere?

  • No, I’m starting to do it now. I was creating a login screen, but they asked for AD search. But I will need to treat this user in a table that I made here for the system, but that’s something else.

  • Relax, just associate in this table the login of the user AD. And in C# you can catch the user who is accessing your site using User.Identity.Name. Then the rest you do what you want. If you need custom access rules from table data, you can also create a custom Roleprovider, which is just a class that implements the Roleprovider interface. And on the Web.Config inform that your roleManager will be the type of your roleProvider customized.

  • So, I went to pick this guy up in my controller and it’s coming up empty. I’m on a machine not logged in to the network, but with my access user. I guess that way it won’t work, right? It will be on the company network, but I develop on my particular machine(notebook).

  • 1

    I made an edit in my post to show the solution.

2

Hello,

If your intention is just to write on the screen the user name without the domain in front of the user name, you can use the following command

System.Environment.UserName

Browser other questions tagged c# asp.net-mvc-5 security-guard active-directory

You are not signed in. Login or sign up in order to post.