Geek asks and answers

How to configure access for users in an Active Directory group

I have a web application using Windows Authentication in C # and currently I assign users roles individually.

eg. On every page of the application I check

if(Roles.IsUserInRole(AU\UserName, "PageAccessRole"))

As I need to deploy the application for the whole team this week (and, ultimately, the whole company), I need custom AD groups, since there are more than 3000 ppl, so I'm not going to do it manually!

As a newbie to ASP.NET (and generally programming), and I really know little about setting up AD groups (for example, how to access AD groups from my application, etc.?)

I would be so grateful if anyone could point me in the right direction ... I read all about LDAP and System.DirectoryServices.AccountManagement etc. but I'm just getting more and more confused.

As long as I have it in my web.config

  <authentication mode="Windows">
  </authentication>
  <authorization> 
              <allow roles="AU\Active Directory Group Name"/>
    <deny users="?"/>
  </authorization>

  <roleManager enabled="true" >
    <providers>
    <clear/>
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>

And I turned on Windows authentication and disabled Anonymous on the IIS server.

Please, help!

0
source share
1 answer

Solutions: -

So you can select groups from OU to AD

DataTable dt = new DataTable();
dt.Columns.Add("groups");
DirectoryEntry rootDSE = null;

Suppose I want to receive records from my department unit. Now the path will be like

Department →> Members

dc - . Corp.Local
AD

if (department != "")
{
   rootDSE = new DirectoryEntry(
     "LDAP://OU=" + department + ",OU=Users,dc=corp,dc=local", username, password);
}
else
{
   rootDSE = new DirectoryEntry(
      "LDAP://OU=Users,OU=" + ou + ",dc=corp,dc=local", username, password);
}
DirectorySearcher ouSearch = new DirectorySearcher(rootDSE);
ouSearch.PageSize = 1001;
ouSearch.Filter = "(objectClass=group)";
ouSearch.SearchScope = SearchScope.Subtree;
ouSearch.PropertiesToLoad.Add("name");
SearchResultCollection allOUS = ouSearch.FindAll();
foreach (SearchResult oneResult in allOUS)
{
    dt.Rows.Add(oneResult.Properties["name"][0].ToString());
}
rootDSE.Dispose();
return dt;

, .

, , Looping the Users.

 PrincipalContext pr = new PrincipalContext(ContextType.Domain,
     "corp.local", "dc=corp,dc=local", username, password);
GroupPrincipal group = GroupPrincipal.FindByIdentity(pr, groupName);//Looking for the Group in AD Server

if (group == null)
  {
     //Throw Exception
  }

UserPrincipal user = UserPrincipal.FindByIdentity(pr, userName);//Looking  for the User in AD Server

if (user.IsMemberOf(group))//If Group is already added to the user
   {
       //I have Put it into If else condition because in case you want to Remove Groups from that User you can write your Logic here.

     //Do Nothing, Because the group is already added to the user
   }
 else// Group not found in the Current user,Add it
   {
      if (user != null & group != null)
       {
         group.Members.Add(user);
         group.Save();
         done = user.IsMemberOf(group);//You can confirm it from here
        }
   }
     pr.Dispose();
     return done;
+1

More articles:


All Articles