I need to set up this MVC application to use Windows Authentication and Outlook Email Groups to assign Roles to users and then I can authorize the users who are in those Roles to be able to do specific actions in the controller.

I've googled around and found some very useful information about how Roles work with MVC and how I can use the Role Provider class for a lot of Role-based actions. However, these Roles are coming from the SQL Database and do not use Outlook Email-Groups and Windows Authentication to authorize the user.

I am specifically looking to understand how I can leverage Outlook Email Groups but am not finding this information easily. Can anyone help me?

 <authentication mode="Windows">
</authentication>
<authorization>
  <deny users="?" />
  <allow users="?" />
  <allow roles="HAH\Domain Users"/>
  <deny users="*" />
</authorization>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <clear />
    <add
        name="AspNetWindowsTokenRoleProvider"
        type="System.Web.Security.WindowsTokenRoleProvider"
        applicationName="/" />
  </providers>
</roleManager>
egucciar
  • Do you mean Exchange Email Groups? If so, the answer is yes, as they are special Active Directory Groups. – jrummell Apr 23 '12 at 16:44
  • Yes, that is probably what I mean. Do you know of any references I can look at? I'll begin to google those keywords in the meantime. – egucciar Apr 23 '12 at 16:48

1 Answer

If you have your groups in Active Directory as Exchange Distribution Lists, you can use any MVC example that uses Windows Authentication.

There's even a Visual Studio template for this. Create a new MVC web application and then choose Intranet Application.

Update

There are a few issues with your web.config. You should only specify one deny element and one allow element:

<authorization>
  <deny users="?" />
  <allow roles="HAH\Domain Users"/>
</authorization>

This will deny all unauthorized users and allow Domain Users. Please note that MVC follows the roles defined in the [Authorize] attribute. I believe the attribute will override the web.config setting.

In your controllers, you can specify roles for either the entire controller class or specific action methods.

using System.Web.Mvc;
// Applies to every action in the controller.
[Authorize(Roles = "Group 1, Group 2, Group3")]
public class MyController : Controller { }

OR

public class MyController : Controller
{
  // Applies to this action only.
  [Authorize(Roles = "Group 1, Group 2, Group3")]
  public ActionResult MyAction()
  {
     return View();
  }
}
jrummell
  • http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs – egucciar Apr 23 '12 at 16:58
  • Unfortunately I need to work off this current project and cannot make a new one. But thank you for your help. – egucciar Apr 23 '12 at 16:58
  • It's really easy to change for an existing project. Just compare web.config files and verify that your settings match [this article](http://msdn.microsoft.com/en-us/library/gg703322(VS.98).aspx). – jrummell Apr 23 '12 at 17:00
  • Thank you. If Windows Authentication is already enabled and being used, would it still be necessary to make changes? – egucciar Apr 23 '12 at 21:45
  • If you're already using Windows Authentication, you probably only need to change the role names in your `[Authorize]` attributes. – jrummell Apr 24 '12 at 12:06
  • Actually I'm not using Authorize attributes anywhere. Read my update for current config settings. Implementing role provider did not work as expected :/ – egucciar Apr 24 '12 at 15:48
  • Also, note that I want to include 3 Exchange groups. So where would they be defined? – egucciar Apr 24 '12 at 15:50
  • `[Authorize(Roles = "Group 1, Group 2, Group3")]` – jrummell Apr 24 '12 at 18:40
  • Thanks a lot for that! I keep playing around with this. It seems to work just great for Active Directory groups. It's Exchange groups that are giving me a little bigger issue because I'm not sure if they work in the exact same way or not. – egucciar Apr 24 '12 at 20:12
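
An added example (not part of the question or the answer, and not code from either poster): a diagnostic MVC action that reports what the role check returns for the signed-in user and which groups the Windows token carries, so the strings used in `[Authorize(Roles = ...)]` can be matched against real group names. `RoleCheckController` and the `HAH\Group 1` / `HAH\Group 2` names are placeholders; the `HAH` domain is taken from the question's web.config.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web.Mvc;

// Diagnostic only (hypothetical controller name); remove it once role names are confirmed.
[Authorize] // authenticated Windows users only
public class RoleCheckController : Controller
{
    // Candidate role names as they would be written in [Authorize(Roles = "...")].
    // "HAH" is the domain from the question; the group names are placeholders.
    private static readonly string[] Candidates =
    {
        @"HAH\Domain Users", @"HAH\Group 1", @"HAH\Group 2"
    };

    public ActionResult Index()
    {
        var identity = User.Identity as WindowsIdentity;
        if (identity == null || identity.Groups == null)
            return new HttpStatusCodeResult(403, "Windows Authentication is not active");

        // Groups carried in the logon token. Only security-enabled groups are
        // present; a mail-only distribution list will not be listed here.
        var tokenGroups = new List<string>();
        foreach (IdentityReference sid in identity.Groups)
        {
            try { tokenGroups.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { tokenGroups.Add(sid.Value); }
        }

        // User.IsInRole is the same call AuthorizeAttribute makes for each role name.
        var lines = Candidates
            .Select(r => string.Format("{0}: {1}", r, User.IsInRole(r)))
            .Concat(new[] { "", "Token groups:" })
            .Concat(tokenGroups.OrderBy(g => g, StringComparer.OrdinalIgnoreCase));

        return Content(string.Join(Environment.NewLine, lines), "text/plain");
    }
}
```

A group that is missing from the "Token groups" list cannot satisfy `[Authorize(Roles = ...)]` under `WindowsTokenRoleProvider`, whatever name is used for it.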