Reputation: 1266
ASP.NET core authorize role with AD group from appsettings
It seems like it should be really easy, as on my controller this works:
[Authorize(Roles = "domain\\ad_group")]
public class MyController : Controller
However I would like to specify the "domain\ad_group" from appsettings, rather than hard-coded. I realize the 'proper' solution is to use eg. the EF roles/policies etc, however this is a very tiny application so I'm looking for something a bit more lightweight.
Can I get the AD group from appsettings in a simple way?
Upvotes: 4
Views: 4048
Answers (1)
Reputation: 375
Try the attribute:
[Authorize(Policy = "MyPolicyName")]
In the ConfigureServices method perform the following 2 steps:
1. Read the required role (AD Group) from the appsettings.json file.
2. Add that role to this policy using the RequireRole method.
Code for Step 1:
Configuration.GetSection("NameOfSectionInAppSettings").Bind(ObjectTheSectionIsMappedTo);
Code for Step 2:
services.AddAuthorization(options =>
{ options.AddPolicy("MyPolicyName", policy => policy.RequireRole(ObjectTheSectionIsMappedTo.AdGroupProperty)); });
This works for one of the tiny applications I developed :)
Upvotes: 10
Related Questions
- How to define role Identity resource in appsettings.json in Asp.net core
- ASP.NET Core Authorize AD Groups through web.config
- ASP.NET CORE Roles - Add IdentityRole
- How do I authenticate against an Active Directory group in ASP.NET Core application without log in?
- Authorize In Asp.Net Core Without Identity
- How to Authorize AD users with .Net Core
- ASP.NET Core 2 - AD Groups not mapping to security roles
- Getting Windows/Active Directory groups as role claims with Identity Server 4
- .net core [Authorize] using ClaimsIdentity with AAD groups
- How to set users rights with Windows Authentication with asp.net core