What is the strategy for moving from home authentication to AD?

This question says it all. Currently, our application checks users against a database. We have a combination of internal and external users. For new internal applications, we would like to switch to AD for internal users, and in the future we would like to configure a service that allows external users to register on the site, but with a registration code that creates an AD user who has rights based on the URL they click. Our scheme is [username].company.com. What are the recommendations? Have you gone through this experience?

Edit: this is a combination of Web Forms and MVC on .NET 4.0

+3
1 answer

If you are using .NET 3.5 or above, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read more here:

Managing Directory Security Principals in the .NET Framework 3.5

Basically, you can define a domain context and easily find users and/or groups in AD:

// namespace that provides PrincipalContext, UserPrincipal and GroupPrincipal
using System.DirectoryServices.AccountManagement;

// set up domain context (the domain of the current machine)
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// validate username/password credentials against AD
if (ctx.ValidateCredentials(userName, password))
{
   // do something
}

// getting current user and testing against group membership
// (FindByIdentity takes the context as its first argument and returns null if the group is not found)
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroup");

UserPrincipal user = UserPrincipal.Current;
if (group != null && user.IsMemberOf(group))
{
   // do something
}

The new S.DS.AM makes it very easy to play with users and groups in AD.

If you primarily build ASP.NET applications, I would recommend checking out the ASP.NET membership and role providers that have an interface to AD, so that you can use AD groups (and user membership in these groups) as criteria for enabling/disabling certain functions.

See some related blog posts:

+2
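A fuller version of the credential check the answer above sketches, as an added example that is not part of the original answer or of the MSDN article it links. It assumes a domain name (company.com), a group name (IntranetUsers) and the calling convention of an ASP.NET login page; all three are placeholders. It uses only S.DS.AM calls that exist in .NET 3.5 and later: PrincipalContext.ValidateCredentials, UserPrincipal.FindByIdentity, GroupPrincipal.FindByIdentity, Principal.IsMemberOf and UserPrincipal.GetAuthorizationGroups.

```csharp
// Added example (not from the original answer): validate a web user's
// password against AD and require membership in a named group.
// The domain and group names are placeholders; substitute your own.
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

public static class AdAuth
{
    // Placeholder values (assumptions for this example).
    private const string Domain = "company.com";
    private const string RequiredGroup = "IntranetUsers";

    // Returns true only when the password is correct AND the user is in RequiredGroup.
    // Every failure path returns false (fail closed).
    public static bool Authenticate(string userName, string password)
    {
        // Reject blank input up front rather than sending it to the domain controller.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        // PrincipalContext holds a connection to the domain; dispose it when done.
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            // Kerberos/NTLM (Negotiate) bind with the supplied credentials.
            if (!ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate))
                return false;

            // In an ASP.NET app, UserPrincipal.Current is the worker-process identity,
            // not the visitor, so look the visitor up by account name instead.
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
            {
                if (user == null)
                    return false;

                using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, RequiredGroup))
                {
                    // A missing group is a misconfiguration: deny rather than allow everyone.
                    if (group == null)
                        return false;

                    // IsMemberOf checks direct membership of this group only.
                    if (user.IsMemberOf(group))
                        return true;

                    // GetAuthorizationGroups also walks nested security groups,
                    // so a user in a group that is itself a member of RequiredGroup passes.
                    return user.GetAuthorizationGroups().Any(g => g.Sid == group.Sid);
                }
            }
        }
    }
}
```

Call AdAuth.Authenticate(userName, password) from the login handler and only then issue the forms-authentication ticket. Comparing groups by Sid rather than by display name avoids a false match on a renamed or similarly named group, and disposing the principals releases the underlying directory connections under load.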
