0

I saw I can create an intranet authentication which uses NTLM auth. It's almost what I need. In addition, I'm required to check that the user is in a specified group in the AD.

Is there a simple way to do this? It's for a very small web application (8-10 days of dev).

Thank you

J4N

2 Answers

1
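    using System.DirectoryServices.AccountManagement;

    // Bind to the current domain and look up the user by sAMAccountName.
    // FindByIdentity returns null when no matching account is found.
    var ctx = new PrincipalContext(ContextType.Domain);
    var userPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName);

    // Groups the user is a direct member of.
    var groups = userPrincipal.GetGroups();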

Here you have all the first-level groups with which the current user is associated. If you want to check deeper, such as the groups that the first-level groups are part of, you must write a recursive function which will iterate through the whole group graph.

    // Look up one group and get the groups it is itself a member of.
    var ctx = new PrincipalContext(ContextType.Domain);
    var groupPrincipal = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, childGroup.SamAccountName);
    var currentLevelGroups = groupPrincipal.GetGroups();

Using these three lines you can get the parent groups of the specified group.

You can check at every step whether the given group is among the collected groups; if yes, just break and return true.

TigranG
  • And how do I integrate this with the authentication system of Asp.Net MVC? – J4N Sep 12 '12 at 07:57
  • You can put the logic in the global.asax Session_Start event. Check whether the user is authenticated: HttpContext.Current.User.Identity.IsAuthenticated. If yes, then UserName = HttpContext.Current.User.Identity.Name.Split('\\').LastOrDefault() – TigranG Sep 12 '12 at 08:17
  • Are you sure there is no more adequate way to do it with AuthProvider or anything else? – J4N Sep 17 '12 at 07:08
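
The recursive group walk described in the answer above, as an added example that is not part of the original answer. It keeps a visited set so circular group nesting cannot loop forever; `NestedGroupCheck`, `parentsOf` and the in-memory directory are hypothetical names and constructed sample data standing in for the AD lookups.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class NestedGroupCheck
{
    // parentsOf (hypothetical): maps a user or group name to the groups it is a
    // direct member of. Against AD it could wrap the FindByIdentity(...).GetGroups()
    // calls shown in the answer above.
    public static bool IsMemberOf(string userName, string requiredGroup,
                                  Func<string, IEnumerable<string>> parentsOf)
    {
        var cmp = StringComparer.OrdinalIgnoreCase;   // names assumed case-insensitive here
        var visited = new HashSet<string>(cmp);
        var queue = new Queue<string>(parentsOf(userName));

        while (queue.Count > 0)
        {
            var group = queue.Dequeue();
            if (!visited.Add(group)) continue;        // already expanded: skip, breaks cycles
            if (cmp.Equals(group, requiredGroup)) return true;
            foreach (var parent in parentsOf(group)) queue.Enqueue(parent);
        }
        return false;                                 // fail closed: not found means not authorized
    }

    public static void Main()
    {
        // Constructed sample directory, including a cycle (Staff -> AllUsers -> Staff).
        var directory = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            ["alice"]      = new[] { "Developers" },
            ["bob"]        = new[] { "Staff" },
            ["Developers"] = new[] { "AppAdmins", "Staff" },
            ["Staff"]      = new[] { "AllUsers" },
            ["AllUsers"]   = new[] { "Staff" },
        };
        Func<string, IEnumerable<string>> parentsOf =
            name => directory.TryGetValue(name, out var p) ? p : Enumerable.Empty<string>();

        Console.WriteLine(IsMemberOf("alice", "AppAdmins", parentsOf)); // nested membership
        Console.WriteLine(IsMemberOf("bob", "AppAdmins", parentsOf));   // walk ends despite the cycle
    }
}
```
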
1

You can add the Authorize attribute to the controller in question with a parameter to check the group.

For example:

    // Roles takes the Windows group as DOMAIN\group; only members of that group are authorized.
    [Authorize(Roles = @"mydomain\admin")]
    public class MyController : Controller
    {
    }

You will need to enable Windows authentication on the website too.

HTH

Si

Slicksim