I am working on an ASP.NET Web API application; currently there is no security on it. The API is working in an internal network. I want to allow only users from a certain Active Directory group to access the web API, for all the routes. I read around the MSDN documentation but haven't found a quick example. Can anybody provide me a quick example, or find one?
Below are more details:
1. I am using Visual Studio 2013 and C#.NET
2. The ASP.NET Web API is using MVC 5; it has multiple controllers and all of them need to be secured by the same AD group.
3. The Web API is hosted by IIS 7 on a Windows 2008 server.
4. If the API HTTP request is rejected, it just needs to return some short JSON with an error message, without asking the user to input identity.
Please help me to make the example or find the example. If there is an IIS setting required, please let me know.
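
One way to meet the requirements listed above, as an added example that is not part of the original post: a Web API 2 authorization filter registered globally so that every controller is covered, answering rejected requests with a short JSON 403 body instead of a 401 challenge. It assumes Web API 2 (the version that ships alongside MVC 5) and that Windows Authentication is enabled and Anonymous Authentication disabled for the site in IIS; `AdGroupAuthorizeAttribute` and the group `EXAMPLE\ApiUsers` are hypothetical names.

```csharp
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical filter: allows a request only when the Windows identity
// supplied by IIS belongs to the configured AD group.
public class AdGroupAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string _group;

    public AdGroupAuthorizeAttribute(string group)
    {
        _group = group;
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // With Windows Authentication the principal is a WindowsPrincipal,
        // so IsInRole resolves "DOMAIN\Group" against AD group membership.
        var principal = actionContext.RequestContext.Principal;
        return principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated
            && principal.IsInRole(_group);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // 403 instead of the default 401: a 401 makes browsers prompt for
        // credentials, which the requirements rule out.
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Forbidden,
            new { error = "Access denied: caller is not in the required group." },
            actionContext.ControllerContext.Configuration.Formatters.JsonFormatter);
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Global registration: applies to every controller and route.
        // Placeholder group name; replace with the real DOMAIN\Group.
        config.Filters.Add(new AdGroupAuthorizeAttribute(@"EXAMPLE\ApiUsers"));
        config.MapHttpAttributeRoutes();
    }
}
```

The filter only handles callers that IIS has already authenticated; the initial Negotiate/NTLM handshake is still issued by IIS itself and completes silently only when the client is configured for integrated authentication to the site.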