How to get AuthorizeAttribute to work with the local Administrators group in an ASP.NET MVC 3 intranet application?

In this ASP.NET MVC 3 intranet application (created using the Intranet Application MVC 3 application template), where users are automatically authenticated against AD, I try to restrict access to the controller to users in the local Administrators group. To do this, I tried applying AuthorizeAttribute like this:

 [Authorize(Roles = "Administrators")]
 public class ElmahController : Controller

However, although my AD user (the application reports that the expected user has been authenticated) is in the local Administrators group, I cannot access the controller when AuthorizeAttribute is applied. Only a blank page appears. What am I doing wrong?

On the other hand, I checked that specifying my specific user is working:

 [Authorize(Users = @"ad\arve")]
 public class ElmahController : Controller

In this case, I can get a page with limited access.

EDIT: I found that prefixing the group with BUILTIN worked:

 [Authorize(Roles = @"BUILTIN\Administrators")] 

Is this the ultimate way to access local groups through AuthorizeAttribute, though?

+6
2 answers

Follow my tutorial, How to create an intranet site using ASP.NET MVC. You need to use the built-in class AspNetWindowsTokenRoleProvider, which uses Windows groups as roles.

 [Authorize(Roles = @"BUILTIN\Administrators")] 

It will only work if you are an administrator on the IIS server. If you deploy your application to a production server for your company, you will need to be made a local administrator on the production server.

+6
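
An added example, not code from the question or either answer: a custom attribute that checks membership in the server's local Administrators group by its well-known SID instead of by the `BUILTIN\Administrators` name string, and returns 403 rather than the default 401 when an authenticated user is refused. The class name `LocalAdministratorsOnlyAttribute` and the `Index` action are hypothetical; Windows authentication is assumed.

```csharp
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute name; added example, not part of the original thread.
public class LocalAdministratorsOnlyAttribute : AuthorizeAttribute
{
    // Well-known SID S-1-5-32-544: the machine-local Administrators group.
    private static readonly SecurityIdentifier LocalAdmins =
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base check: user is authenticated and passes any Users/Roles set on the attribute.
        if (!base.AuthorizeCore(httpContext))
            return false;

        // With a role provider enabled, User may not be a WindowsPrincipal,
        // so go through the identity rather than casting the principal.
        var identity = httpContext.User.Identity as WindowsIdentity;
        if (identity == null)
            return false; // not Windows authentication: deny

        // Evaluated against the group SIDs in the user's token on this server.
        return new WindowsPrincipal(identity).IsInRole(LocalAdmins);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // An authenticated user who fails the check gets 403; the default 401
        // is kept for anonymous requests so the browser can negotiate credentials.
        if (filterContext.HttpContext.Request.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

[LocalAdministratorsOnly]
public class ElmahController : Controller
{
    // Hypothetical action, present only so the controller compiles.
    public ActionResult Index() { return Content("restricted"); }
}
```

Because the check is made against the token on the machine running the site, membership is always that of the IIS server's local group, which matches the deployment point made in the answer above.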

You can configure your own AD authorization attribute to be placed on each action or controller. I have done this before and done something very similar to the link below. This works if you use forms authentication, not Windows.

Group based authorization

0

Source: https://habr.com/ru/post/904540/

