Active Directory Group and C# webpage configuration
I am wanting to allow access to a C# Webpage to only members in an Active Directory group. Can someone please point me in this direction or assist in an开发者_开发知识库yway?
Thanks in advance
You can query AD to see what groups a user belongs to.
This is a great resource: http://www.codeproject.com/KB/system/everythingInAD.aspx#39
Something like this should work too:
using System.DirectoryServices.ActiveDirectory;
using System.DirectoryServices;
public bool IsUserInGroup(string group, string user)
{
string DomainName="";
string ADUsername="";
string ADPassword="";
DirectoryEntry entry=new DirectoryEntry(LDAPConnectionString, ADUsername, ADPassword);
DirectorySearcher dSearch=new DirectorySearcher(entry);
dSearch.Filter="(&(objectClass=user)(userPrincipalName=" + user + ")";
foreach(SearchResult sResultSet in dSearch.FindAll())
{
string strGroupList=GetProperty(sResultSet, "memberOf");
if(!string.IsNullOrEmpty(strGroupList) && strGroupList.IndexOf(group)>-1)
return true;
}
return false;
}
I didn't have time to check this or even compile, so I apologize in advance for any error. The if
in the foreach
might not be sufficient. There also may be a more efficient way to do the query, but this was what I could come up with quickly.
There exist multiple approaches to this.
Imperatively, you can check Page.User.IsInRole(@"domain\group"), and redirect away, send a 401 response, or throw an exception if the user should not have access.
Declaratively, you can control permissions in your web.config:
精彩评论