Solved

Limit Intranet Access by AD Group Membership

Posted on 2007-04-10
3
611 Views
Last Modified: 2008-02-01
I am working on a project at work that requires me to limit the access of an intranet page based upon the logged in user's membership in an Active Directory group. I have the following code that correctly authenticates to AD (written by a former employee), but I need to now get the list of the user's authorized groups and limit access based upon that. I've tried a few code snippets that I found online, but I haven't been able to get them to work. This will eventually be code we use Intranet-wide.

Example: userid=cromer is a member of group "ross" in AD
Generic loginform for intranet. User cromer tries to go to page ross.aspx and the login form comes up - if cromer is a member of group "ross" she gets in, otherwise she gets an error message that says she doesn't have permission to access that page.

Current AD User Authentication code on LoginForm.aspx.cs:

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text;
using System.DirectoryServices;

public partial class LoginForm : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (this.IsPostBack)
        {
            // Path to LDAP directory server.
            string adPath = "LDAP://sd_corp.local/DC=aert,DC=com";
            ActiveDirectoryLogin adAuth = new ActiveDirectoryLogin(adPath);

            try
            {
                if (true == adAuth.IsAuthenticated("sd_corp.local", Request.Form["UserName"], Request.Form["Password"]))
                {
                    // Create the authentication ticket
                    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(Request.Form["UserName"], true, 60);

                    // Now encrypt the ticket.
                    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

                    // Create a cookie and add the encrypted ticket to the cookie as data.
                    HttpCookie adAuthCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                    // Add the cookie to the outgoing cookies collection.
                    Response.Cookies.Add(adAuthCookie);

                    Session["displayName"] = adAuth.usrFullName;

                    FailureText.InnerHtml = "Successful login!";
                    FailureText.Style.Add("textJustify", "newspaper");
                    FailureText.Style.Add("margin", "5px");
                    FailureText.Style.Add("border", "3px coral solid");

                    // Redirect the user to the originally requested page
                    Response.Redirect(FormsAuthentication.GetRedirectUrl(Request.Form["UserName"], false));
                }
                else
                {
                    FailureText.InnerHtml = "Authentication failed, check username and password.";
                    FailureText.Style.Add("textJustify", "newspaper");
                    FailureText.Style.Add("margin", "5px");
                    FailureText.Style.Add("border", "3px coral solid");
                }
            }
            catch
            {
                FailureText.InnerHtml = "The system could not log you on. Make sure your User name is correct, then type your password again. Letters in passwords must be typed using the correct case."; // + ex.Message
                FailureText.Style.Add("textJustify", "newspaper");
                FailureText.Style.Add("margin", "5px");
                FailureText.Style.Add("border", "3px coral solid");

            }
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
    }
 }
0
Comment
Question by:Carla Romere
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Accepted Solution

by:
HugoHiasl earned 500 total points
ID: 18894841
If you set the Authentication of the site to not allow anonymous access, you can use the Roles.GetRolesForUser() Method.

Here's a tiny snippet from one of my projects:

HttpContext context = HttpContext.Current;

    if (context.User.Identity.IsAuthenticated) {
      returnValue = doLogin(userLogin);
      if (returnValue) {
        string[] userRoles = Roles.GetRolesForUser(((WindowsIdentity)context.User.Identity).Name);
        for (int i = 0; i < userRoles.Length; i++) {
          if (userRoles[i].Equals(ConfigurationManager.AppSettings["application.AdminADGroup"])) {
            // create second copy of userdata;
            context.Session["AdminUserData"] = context.Session["UserData"];
            context.Session["AdminRights"] = true;
          }
        }
      } else { ...



Make sure to add the following entries to your <system.web> section of your web.config:
      <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
      <identity impersonate="true"/>

(restart iis after adding or stop the development webserver after adding.)

Best regards
Oliver
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question