I am attempting to do something simple (I thought) – securing my application using roles-based security using Active Directory groups in our Domain.
Specifically, I need to show/hide items on a page depending upon whether the currently logged in user is part of domaingroupA in Active Directory. For some reason, it is difficult finding information on using Active Directory for this. Everything I seem to find goes into details of using forms-based authentication using roles, or it uses a DB to store the information.
All I want to do is use our already outlined security structure in our Active Directory. Can someone please explain what I need?
Do I need:
<roleManager enabled="true"/>inweb.config<allow roles ="domaingroupA"/>inweb.config- IIS set to windows authentication
if (User.IsInRole(@"domaingroupA")){ //do stuff }in my page?
What else am I missing? Anything? ’cause its not working. heh.
Thanks all for your help.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You probably just need to add a RoleProvider to your web.config to tell the app how to do searches against AD.
Sample code from here.
<roleManager defaultProvider="WindowsProvider"
enabled="true"
cacheRolesInCookie="false">
<providers>
<add
name="WindowsProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0