Limit Intranet Access by AD Group Membership

I am working on a project at work that requires me to limit the access of an intranet page based upon the logged in user's membership in an Active Directory group. I have the following code that correctly authenticates to AD (written by a former employee), but I need to now get the list of the user's authorized groups and limit access based upon that. I've tried a few code snippets that I found online, but I haven't been able to get them to work. This will eventually be code we use Intranet-wide.

Example: userid=cromer is a member of group "ross" in AD
Generic loginform for intranet. User cromer tries to go to page ross.aspx and the login form comes up - if cromer is a member of group "ross" she gets in, otherwise she gets an error message that says she doesn't have permission to access that page.

Current AD User Authentication code on LoginForm.aspx.cs:

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text;
using System.DirectoryServices;

public partial class LoginForm : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (this.IsPostBack)
        {
            // Path to LDAP directory server.
            string adPath = "LDAP://sd_corp.local/DC=aert,DC=com";
            ActiveDirectoryLogin adAuth = new ActiveDirectoryLogin(adPath);

            try
            {
                if (true == adAuth.IsAuthenticated("sd_corp.local", Request.Form["UserName"], Request.Form["Password"]))
                {
                    // Create the authentication ticket
                    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(Request.Form["UserName"], true, 60);

                    // Now encrypt the ticket.
                    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

                    // Create a cookie and add the encrypted ticket to the cookie as data.
                    HttpCookie adAuthCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                    // Add the cookie to the outgoing cookies collection.
                    Response.Cookies.Add(adAuthCookie);

                    Session["displayName"] = adAuth.usrFullName;

                    FailureText.InnerHtml = "Successful login!";
                    FailureText.Style.Add("textJustify", "newspaper");
                    FailureText.Style.Add("margin", "5px");
                    FailureText.Style.Add("border", "3px coral solid");

                    // Redirect the user to the originally requested page
                    Response.Redirect(FormsAuthentication.GetRedirectUrl(Request.Form["UserName"], false));
                }
                else
                {
                    FailureText.InnerHtml = "Authentication failed, check username and password.";
                    FailureText.Style.Add("textJustify", "newspaper");
                    FailureText.Style.Add("margin", "5px");
                    FailureText.Style.Add("border", "3px coral solid");
                }
            }
            catch
            {
                FailureText.InnerHtml = "The system could not log you on. Make sure your User name is correct, then type your password again. Letters in passwords must be typed using the correct case."; // + ex.Message
                FailureText.Style.Add("textJustify", "newspaper");
                FailureText.Style.Add("margin", "5px");
                FailureText.Style.Add("border", "3px coral solid");

            }
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
    }
 }
Carla RomereDirector of Information TechnologyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

HugoHiaslCommented:
If you set the Authentication of the site to not allow anonymous access, you can use the Roles.GetRolesForUser() Method.

Here's a tiny snippet from one of my projects:

HttpContext context = HttpContext.Current;

    if (context.User.Identity.IsAuthenticated) {
      returnValue = doLogin(userLogin);
      if (returnValue) {
        string[] userRoles = Roles.GetRolesForUser(((WindowsIdentity)context.User.Identity).Name);
        for (int i = 0; i < userRoles.Length; i++) {
          if (userRoles[i].Equals(ConfigurationManager.AppSettings["application.AdminADGroup"])) {
            // create second copy of userdata;
            context.Session["AdminUserData"] = context.Session["UserData"];
            context.Session["AdminRights"] = true;
          }
        }
      } else { ...



Make sure to add the following entries to your <system.web> section of your web.config:
      <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
      <identity impersonate="true"/>

(restart iis after adding or stop the development webserver after adding.)

Best regards
Oliver
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.