BattlFrog

Reputation: 3397

Which security should I use?

I am making an intranet MVC app for in-house use. The only other guy in the shop is the server tech. I am told we have a domain controller and we use AD; every user is in groups. I'm pretty sure we use Windows authentication (based on the fact that we have to log in to our workstation).

I'm not sure if I should be using the UserPrincipal in Directory Services, or the Current.User stuff in HTTPContext, or something else, for authenticating users. Only people in certain AD groups should be able to open the app.

Obviously I know nothing about app security stuff. I plan to hit the books, as soon as I figure out which "technology" I should be using. I also need to check users against specific groups. I almost had that figured out, but I am getting false when I know it should be true.

        // Under Windows authentication User is a WindowsPrincipal, and
        // IsInRole expects the group in "DOMAIN\MyADGroup" form, so a bare
        // group name is not matched.
        if (HttpContext.Current.User.IsInRole("MyADGroup"))
        {
            IsAdmin = true;   // keeps returning false.
        }

So what should I be looking into?

Upvotes: 0

Views: 51

Answers (2)

Kody

Reputation: 965

You can use this example to help you get started with Active Directory Roles.

Since the application is in-house, you don't want to stray far from Windows Authentication, but I do recommend looking into LDAP.

Connecting to an LDAP Server

Good luck!

Upvotes: 1

tvanfosson

Reputation: 532435

You can hook up the internal application to use users and groups from AD by using the ActiveDirectoryMembershipProvider. Then simply authenticate against the provider instances (Membership.ValidateUser). This allows you to use AD as a backing store but isolates your application from an explicit dependence on it. This will also populate the UserPrincipal on the HttpContext.

I would recommend using this with a standard login form, though IIS will allow you to configure Windows authentication for the entire site. Using a standard login form along with AD-backed authentication allows you to maintain the decoupling and also expose some parts of the site as public pages by allowing anonymous access. This can be useful for things like application help and FAQs, which might be useful to someone trying to log on who is either disallowed by permission or using the incorrect credentials. It provides a better user experience as well.

Upvotes: 0
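An added web.config example of the layout tvanfosson describes (forms login backed by ActiveDirectoryMembershipProvider, everything gated except a public help path); it is not code from the original post or any answer. The domain corp.example.com, the provider name ADMembership, the login route and the Help path are assumptions to adapt.

```xml
<!-- Added example (not from the original post); "corp.example.com",
     "ADMembership", "~/Account/Login" and the "Help" path are assumptions. -->
<configuration>
  <connectionStrings>
    <!-- Bind to the Users container of the assumed domain. -->
    <add name="ADConnectionString"
         connectionString="LDAP://corp.example.com/CN=Users,DC=corp,DC=example,DC=com" />
  </connectionStrings>

  <system.web>
    <!-- Forms login page, so the site can be gated while selected pages
         stay anonymous. requireSSL keeps the auth cookie off the wire
         in clear text even on the intranet. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="30" requireSSL="true"
             slidingExpiration="true" cookieless="UseCookies" />
    </authentication>

    <!-- Everyone must be authenticated unless a <location> below opens a path. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- AD-backed membership: Membership.ValidateUser(user, pw) in the login
         action binds to AD with the supplied credentials. Omitting
         connectionUsername/connectionPassword makes the provider connect as
         the application pool identity instead of storing a password here. -->
    <membership defaultProvider="ADMembership">
      <providers>
        <clear />
        <add name="ADMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="false"
             enablePasswordReset="false" requiresQuestionAndAnswer="false" />
      </providers>
    </membership>
  </system.web>

  <!-- Public help/FAQ pages: anonymous access allowed only for this path. -->
  <location path="Help">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The login action calls Membership.ValidateUser(user, password) and, on success, FormsAuthentication.SetAuthCookie. The membership provider only answers whether the credentials are valid, so restricting the app to specific AD groups still needs a role source (a role provider or a group lookup) on top of this.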
