asp.net mvc 4

HI all ,

I have built some asp.net mvc 4 webapp and I pointed users to authenticate through the AD. now it works fine but i have one thing I would like to do is to control which AD users can connect for example:

add some AD group to my application and allow just to member of this group to access the webapp.

Thanks,
LVL 1
Moti Mashiah.NET DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Randy PooleCommented:
In your login page you would validate the user against the group they are in and either allow it or deny it
var User = System.Web.HttpContext.Current.User;
            if (User.IsInRole("DOMAIN\\ADGroup"))

Open in new window

0
Moti Mashiah.NET DeveloperAuthor Commented:
where should i type it in my controller can you advice:

here is my controller code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Transactions;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using Microsoft.Web.WebPages.OAuth;
using WebMatrix.WebData;
using ALThompsonCRM.Filters;
using ALThompsonCRM.Models;
using System.Configuration;

namespace ALThompsonCRM.Controllers
{
   
    public class AccountController : Controller
    {
        
        public ActionResult Login()
        {

            return this.View();
        }
     
        [HttpPost]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            if (!this.ModelState.IsValid)
            {
                return this.View(model);
            }

           

            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return this.Redirect(returnUrl);
                }

                return this.RedirectToAction("Index", "Home");
            }

            this.ModelState.AddModelError(string.Empty, "The user name or password provided is incorrect.");

            return this.View(model);
        }

        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();

            return this.RedirectToAction("Index", "Home");
        }
    }

Open in new window

0
Randy PooleCommented:
public ActionResult Login(LoginModel model, string returnUrl)
{
    if (!this.ModelState.IsValid)
    {
        return this.View(model);
    }

   

    if (Membership.ValidateUser(model.UserName, model.Password))
    {
        if (Roles.IsUserInRole(model.UserName,"DOMAIN\\ADGroup"))
        {
          FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
          if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
              && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
          {
              return this.Redirect(returnUrl);
          }
  
          return this.RedirectToAction("Index", "Home");
         }
         this.ModelState.AddModelError(string.Empty, "You are not authorized to utilize this system.");
         return this.View(model);
    }

    this.ModelState.AddModelError(string.Empty, "The user name or password provided is incorrect.");

    return this.View(model);
}

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Moti Mashiah.NET DeveloperAuthor Commented:
hi ,

I just tried the code you sent me and I got this error in the new line "The network path was not found"

here is how I added it

if (Membership.ValidateUser(model.UserName, model.Password))
    {
        if (Roles.IsUserInRole(model.UserName,"alt.local\\Crmaccess"))
        {
          FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
          if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
              && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
          {
              return this.Redirect(returnUrl);
          }
  
          return this.RedirectToAction("Index", "Home");
         }
         this.ModelState.AddModelError(string.Empty, "You are not authorized to utilize this system.");
         return this.View(model);
    }

Open in new window

0
Moti Mashiah.NET DeveloperAuthor Commented:
Sorry my fault ignore the comment above, my SQL was down that's why I couldn't find the path.

Now when I insert user name and password with the user who member in crmaccess group and click on submit the window return again to the login page.
0
Moti Mashiah.NET DeveloperAuthor Commented:
Please , can somebody help with this issue.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.