viv_acious

Reputation: 2489

How to set up access for users in Active Directory group

I have a web application using Windows Authentication in C# and currently I assign users to roles individually.

e.g. on each page of the application, I check:

  if (Roles.IsUserInRole(@"AU\UserName", "PageAccessRole"))

As I need to roll out the application to the whole team this week (and eventually the whole company), I need to use AD groups, as there are over 3000 people, so I am not about to do it manually!

As a newbie to ASP.NET (and programming in general), I really don't know much about setting up AD groups (e.g. how do I get access to the AD groups from my application, etc.?).

I would be so grateful if anyone can point me in the right direction... I've been reading up all about LDAP and System.DirectoryServices.AccountManagement etc., but I am just getting all the more confused.

So far, I have this in my web.config

  <authentication mode="Windows">
  </authentication>
  <authorization>
    <allow roles="AU\Active Directory Group Name" />
    <!-- Deny everyone who was not allowed above. Without this line the default
         <allow users="*"/> rule inherited from machine.config lets every
         authenticated domain account in, not just the group's members. -->
    <deny users="*" />
    <deny users="?" />
  </authorization>

  <roleManager enabled="true">
    <providers>
      <clear />
      <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
    </providers>
  </roleManager>

And I've enabled Windows Authentication and disabled Anonymous in the IIS Server.

Please please help!!

Upvotes: 0

Views: 2741
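An added example of the page-level check the question is asking about; it is not code from the post. It assumes Windows authentication with anonymous access disabled (as configured above) and a hypothetical domain group `AU\WebApp-PageAccess`. With Windows authentication the caller's group memberships, nested groups included, are already in the logon token that IIS hands to ASP.NET, so a group check needs no LDAP query and no stored credentials:

```csharp
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;

// Added example (not from the question). Assumes Windows authentication and the
// hypothetical group AU\WebApp-PageAccess; the SID used below is made up.
public static class GroupGate
{
    // Name-based check: true if the authenticated caller is in any of the groups.
    // Group names must carry the domain prefix, e.g. @"AU\WebApp-PageAccess".
    public static bool IsAllowed(IPrincipal user, params string[] groups)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        foreach (string group in groups)
            if (user.IsInRole(group))
                return true;
        return false;
    }

    // SID-based check: keeps working if the group is renamed and skips the
    // name-to-SID lookup. The SID string would normally come from configuration.
    public static bool IsAllowedBySid(IPrincipal user, string groupSid)
    {
        WindowsPrincipal wp = user as WindowsPrincipal;
        if (wp == null) return false;
        return wp.IsInRole(new SecurityIdentifier(groupSid));
    }

    // Lists the groups in the caller's token as DOMAIN\Name, for answering
    // "why is this user denied?". SIDs that no longer map to a name are kept raw.
    public static List<string> TokenGroups(WindowsIdentity identity)
    {
        var names = new List<string>();
        if (identity == null || identity.Groups == null) return names;
        foreach (IdentityReference sid in identity.Groups)
        {
            try { names.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(sid.Value); }
        }
        return names;
    }

    // Call this first thing in Page_Load (or from a shared base page) instead of
    // repeating the check on every page. A denied user gets 403 Forbidden; the
    // rest of the page lifecycle still runs, but SuppressContent stops any output.
    public static void RequireGroup(HttpContext context, params string[] groups)
    {
        if (IsAllowed(context.User, groups)) return;
        context.Response.StatusCode = 403;
        context.Response.SuppressContent = true;
        context.ApplicationInstance.CompleteRequest();
    }
}

// Usage in a page's code-behind:
//   protected void Page_Load(object sender, EventArgs e)
//   {
//       GroupGate.RequireGroup(Context, @"AU\WebApp-PageAccess");
//   }
```

The code check and the `<authorization>` rules in web.config complement each other: the config rules stop a request before the page runs at all, and a `<location path="SomePage.aspx">` element lets you scope an `<allow roles>` / `<deny users="*">` pair to a single page. Whichever you use, the deny-everyone-else rule matters; `<allow roles="AU\Group"/>` followed only by `<deny users="?"/>` still admits every authenticated domain account.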

Answers (1)

RL89

Reputation: 1916

Solutions:-

This is how you can fetch groups from an OU in AD:

using System.Data;
using System.DirectoryServices;

DataTable dt = new DataTable();
dt.Columns.Add("groups");
DirectoryEntry rootDSE = null;

Suppose I want to fetch records from my Department OU. The path would then be like this:

Department-->>Users

and dc here is the Domain Controller name; in my case it was Corp.Local.
In this way you can fetch groups from your AD:

// 'department', 'ou', 'username' and 'password' are supplied by the caller;
// username/password are the credentials used to bind to the directory.
// Only pass trusted values into the LDAP path: they are concatenated unescaped.
if (department != "")
{
    rootDSE = new DirectoryEntry(
        "LDAP://OU=" + department + ",OU=Users,dc=corp,dc=local", username, password);
}
else
{
    rootDSE = new DirectoryEntry(
        "LDAP://OU=Users,OU=" + ou + ",dc=corp,dc=local", username, password);
}
using (rootDSE)
using (DirectorySearcher ouSearch = new DirectorySearcher(rootDSE))
{
    ouSearch.PageSize = 1001;                 // paged search, so the server's size limit does not cut the result
    ouSearch.Filter = "(objectClass=group)";  // groups only
    ouSearch.SearchScope = SearchScope.Subtree;
    ouSearch.PropertiesToLoad.Add("name");
    using (SearchResultCollection allOUS = ouSearch.FindAll())
    {
        foreach (SearchResult oneResult in allOUS)
        {
            dt.Rows.Add(oneResult.Properties["name"][0].ToString());
        }
    }
}
return dt;

Now, how to add users to the groups.

This is an example for a single user; you can do the same by looping over the users.

using System;
using System.DirectoryServices.AccountManagement;

// 'groupName', 'userName', 'username' and 'password' are supplied by the caller.
bool done = false;
using (PrincipalContext pr = new PrincipalContext(ContextType.Domain,
    "corp.local", "dc=corp,dc=local", username, password))
{
    GroupPrincipal group = GroupPrincipal.FindByIdentity(pr, groupName); // looking for the group in the AD server
    if (group == null)
    {
        throw new InvalidOperationException("Group not found: " + groupName);
    }

    UserPrincipal user = UserPrincipal.FindByIdentity(pr, userName); // looking for the user in the AD server
    if (user == null)
    {
        throw new InvalidOperationException("User not found: " + userName);
    }

    if (user.IsMemberOf(group)) // the user is already a member of the group
    {
        // Nothing to add. If you also need to remove groups from a user, that logic goes here.
        done = true;
    }
    else // group not found on the current user, add it
    {
        group.Members.Add(user);
        group.Save();                   // requires write permission on the group
        done = user.IsMemberOf(group);  // you can confirm it from here
    }
}
return done;

Upvotes: 1
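An added example of the read-only side of this, not code from the answer above. It uses the same System.DirectoryServices.AccountManagement namespace, but binds as the process identity (the application pool account) so no username or password is embedded in the application, and it only reads membership, so the web application needs no right to modify groups. The domain `corp.local` and the group `WebApp-PageAccess` are hypothetical. `UserPrincipal.IsMemberOf` reports direct membership only; `GetAuthorizationGroups` returns the effective membership including nested groups, which is what access decisions should use:

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Added example (not from the answer). Binds as the process identity; the
// domain "corp.local" and group "WebApp-PageAccess" are hypothetical.
public static class AdMembership
{
    // Effective (nested) membership: every group in the user's token, by
    // sAMAccountName. Well-known token groups without an account name are
    // reported by SID instead.
    public static List<string> EffectiveGroups(string domain, string samAccountName)
    {
        var names = new List<string>();
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return names; // unknown account: empty list, not an exception
            using (var groups = user.GetAuthorizationGroups())
            {
                foreach (Principal group in groups)
                    names.Add(group.SamAccountName ?? group.Sid.Value);
            }
        }
        return names;
    }

    // "Is this user in the group through any chain of nested groups?"
    public static bool IsEffectiveMember(string domain, string samAccountName, string groupName)
    {
        foreach (string name in EffectiveGroups(domain, samAccountName))
            if (string.Equals(name, groupName, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    // Users who will get access: members of the group, recursing into nested
    // groups (recursive: true). Useful for checking a group before the roll-out.
    public static List<string> Members(string domain, string groupName)
    {
        var names = new List<string>();
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
        {
            if (group == null) throw new ArgumentException("Group not found: " + groupName);
            using (var members = group.GetMembers(true))
            {
                foreach (Principal member in members)
                    if (member is UserPrincipal) names.Add(member.SamAccountName);
            }
        }
        return names;
    }
}

// Usage:
//   bool ok = AdMembership.IsEffectiveMember("corp.local", "jdoe", "WebApp-PageAccess");
//   List<string> who = AdMembership.Members("corp.local", "WebApp-PageAccess");
```

For a web application authenticated with Windows authentication, the caller's token already carries this information and `User.IsInRole(@"DOMAIN\Group")` is the cheaper check; the directory query is useful for looking up a user other than the caller (an admin screen, a report of who has access) or for running the membership report before the roll-out. Adding members to groups, as the answer shows, needs write permission on the group; that belongs to an administrative account, not to the application pool identity of a web application.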
