ASP.NET active directory authentication User.IsInRole

Question

I developed an ASP.NET Intranet application. Now I was asked to add authentication for the application - it should be based on Active Directory. The user should not fill in any login or password.

From within ASP.NET C# code I should be able to check something like this:

if (User.IsInRole("MyApplicationReaders"))
{
     doSomething();
}
else if (User.IsInRole("MyApplicationAdmins"))
{
     doSomethingElse();
}

MyApplicationReaders and MyApplicationAdmins are names of Active Directory groups.

Can you please point me to some easy step-by-step tutorial how to achieve this? I failed to find any :-(

Answer 1

You can set IIS to authenticate users automatically, but typically you implement your own authorization scheme. In the past, I have used a database to map my AD accounts to application roles/permissions.

In order to use the IsInRole(), you have to populate the User Principal object. The easiest place to do that is in the Global.asax event BeginRequest. Also take a look at creating a Custom Role Provider.

Answer 2

Try to search harder.

You have to add to configuration file authentication method:

<authentication mode="Windows" />

And also add authorization rules:

<authorization>
  <allow users="DomainName\Bob, DomainName\Mary" />
  <allow roles="BUILTIN\Administrators, DomainName\Manager" />
  <deny users="*" />
</authorization>

This this page for help.

PS: After you'll add windows authentication to your app you will be able to check User.IsInRole for authenticated users. But in some browsers your users will be promted to enter their's windows credentials.