ASP.NET Active Directory Role Provider via web.config

I would like to ask if anyone can provide an example of web.config for the following situation:

I have a website (ASP.NET) with form authentication (login controls) that I would like to link to our corporate Active Directory. In AD, we defined users as well as groups. Authentication for users (allow users ...) works like a charm, however, when I want to add role authentication (allow roles ...), it does not work. I tried to enable the role manager, but I don’t know exactly how to configure the provider to communicate with AD.

In addition, I would like to have all the settings only in web.config, so as not to authenticate the group in code (I know that this is possible, but I would prefer only a configuration solution).

Although I went through several tutorials on the Internet, most of the role authentication was focused on using a local SQL Server or Windows authorization, but not AD.

+6
2 answers

The idea is to write a custom role provider that reads groups from AD and exposes user roles:

http://slalomdev.blogspot.com/2008/08/active-directory-role-provider.html

+7

If this site is on the intranet, then you do not need to use input controls or a role provider. AD is already a supplier out of the box. Your web.config file should have:

    <authentication mode="Windows"/>
    <authorization>
      <!--<allow roles="AD_GROUP" />-->
      <!--<allow users="USERS"/>-->
      <deny users="?"/> <!-- Important if you want to force authentication -->
    </authorization>

Somewhere in your code you can check to see that the user is in this role:

 HttpContext.Current.User.IsInRole("AD_GROUP_NAME") 
+10

Source: https://habr.com/ru/post/900777/