huangs3
asked on
How to secure an MVC 5 ASP.NET Web API by Active Directory group?
Hi Experts,
I am working on an ASP.NET Web API application; currently there is no security on it. The API is working in an internal network. I want to allow only users from a certain Active Directory group to access the web API, for all the routes. I read around the MSDN documentation but haven't found a quick example. Can anybody provide me a quick example, or find one?
Below are more details:
1. I am using Visual Studio 2013 and C#.NET
2. The ASP.NET Web API is using MVC 5; it has multiple controllers and all of them need to be secured by the same AD group
3. The Web API is hosted by IIS 7 on a Windows 2008 server.
4. If the API HTTP request is rejected, it just needs to return some short JSON with an error message, without asking the user to input identity.
Please help me to make the example or find the example. If there is an IIS setting required, please let me know.
Thank you!
ASKER
Hi omgang,
Thank you for your suggestion! Checking the user identity against the AD group is one of the issues that I think I will face.
On the other hand, is there any way to check the identity even before the request is routed to a specific action of the controller? That way I will only need to change the code in one place.
Thank you!
ASKER CERTIFIED SOLUTION
ASKER
Thank you omgang! I will try it today.
ASKER
We ended up using a similar idea even though we didn't directly use the code.
OM Gang
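Added example, not part of the original thread and not the accepted solution: one way to meet the requirements in the question with a single global Web API 2 authorization filter, so every controller is restricted to one AD group from one place and rejected callers get a short JSON body. The group name `CONTOSO\WebApiUsers` and the class name `AdGroupAuthorizeAttribute` are placeholders; it assumes Windows Authentication is enabled and Anonymous Authentication disabled for the site in IIS, with `<authentication mode="Windows" />` in web.config.

```csharp
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical filter name; restricts access to members of one AD group.
public class AdGroupAuthorizeAttribute : AuthorizeAttribute
{
    public AdGroupAuthorizeAttribute()
    {
        // Placeholder group. With Windows auth the principal is a
        // WindowsPrincipal, so IsInRole accepts DOMAIN\Group names.
        Roles = @"CONTOSO\WebApiUsers";
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal;
        bool authenticated = principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated;

        // Authenticated but outside the group: 403, which does not trigger a
        // credential prompt. Not authenticated at all: 401, which IIS needs
        // to complete the Negotiate/NTLM handshake.
        var status = authenticated ? HttpStatusCode.Forbidden
                                   : HttpStatusCode.Unauthorized;

        // Force the JSON formatter so the error body is JSON regardless of
        // the Accept header. Keep the message generic; do not echo group names.
        actionContext.Response = actionContext.Request.CreateResponse(
            status,
            new { error = "Access denied." },
            actionContext.ControllerContext.Configuration.Formatters.JsonFormatter);
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Global registration: applies to every controller and action.
        config.Filters.Add(new AdGroupAuthorizeAttribute());

        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}",
            new { id = RouteParameter.Optional });
    }
}
```

Any action or controller marked `[AllowAnonymous]` bypasses this filter, so that attribute is worth searching for when reviewing the project.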