If this is regular ASP.NET you need impersonation.
Here are my notes on this:
Both server and client must be in the intranet zone.
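Code - note the IIS configuration in comments:
// Namespaces this snippet needs at the top of the file:
using System.Configuration;      // ConfigurationManager
using System.Security.Principal; // WindowsIdentity, WindowsPrincipal
using System.Web;                // HttpContext

// Group names are read from <appSettings> in web.config.
string EditorGroup = ConfigurationManager.AppSettings["EditorGroup"];
string AdminGroup = ConfigurationManager.AppSettings["AdminGroup"];
// Hosting web site must have:
// Anonymous authentication disabled
// Asp.Net Impersonation enabled
// Windows Authentication enabled
// appPool used must be classic asp.net appPool ( in advanced settings for web site ).
// Name of the Windows account that made the request, in DOMAIN\user form.
string WithDomain = HttpContext.Current.Request.LogonUserIdentity.Name;
// Account name with the domain prefix removed.
string JustName = WithDomain.Substring(WithDomain.LastIndexOf('\\') + 1);
bool IsAdmin = IsInGroup(WithDomain, AdminGroup);
bool IsEditor = IsInGroup(WithDomain, EditorGroup);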
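Method to do IsInRole:
private bool IsInGroup(string user, string group)
{
    try
    {
        // Build a Windows identity for the named account and test its group membership.
        using (var identity = new WindowsIdentity(user))
        {
            var principal = new WindowsPrincipal(identity);
            return principal.IsInRole(group);
        }
    }
    catch
    {
        // Any failure (for example the account cannot be resolved) counts as "not in the group".
        return false;
    }
}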
In web.config:
<system.web>
    <authentication mode="Windows" />
</system.web>
The IsInGroup stuff is checking whether the user is in a particular AD user group.
You can also check that in web.config:
<system.web>
    <authentication mode="Windows"/>
    <identity impersonate="true"/>
    <authorization>
        <allow roles="Your group"/>
        <deny users="*"/>
    </authorization>
</system.web>
http://www.codeproject.com/Articles/175028/ASP-NET-Windows-Authentication-Authorization-by-Gr
Please don't forget to upvote posts which you like and mark those which answer your question.
My latest Technet article - Dynamic XAML
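An added example, not part of the original post: a variant of the group check that tests the Windows token IIS already attached to the request, rather than building a second identity from the account name, and that denies access when the group setting or the token is missing. The class name GroupGate and the method CallerIsInGroup are hypothetical; the AdminGroup and EditorGroup appSettings keys are the ones used in the post.

```csharp
using System;
using System.Configuration;
using System.Diagnostics;
using System.Security.Principal;
using System.Web;

// Added example. GroupGate and CallerIsInGroup are hypothetical names.
public static class GroupGate
{
    // Returns true only when the Windows-authenticated caller of this request
    // is a member of the group named by the given appSettings key.
    // Usage: bool isAdmin = GroupGate.CallerIsInGroup(HttpContext.Current.Request, "AdminGroup");
    public static bool CallerIsInGroup(HttpRequest request, string appSettingKey)
    {
        if (request == null)
            return false;

        // A missing or empty group setting must never widen access.
        string group = ConfigurationManager.AppSettings[appSettingKey];
        if (string.IsNullOrWhiteSpace(group))
            return false;

        // Token produced for this request by Windows Authentication.
        WindowsIdentity caller = request.LogonUserIdentity;

        // Reject tokens that do not represent an authenticated, non-guest user.
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous || caller.IsGuest)
            return false;

        try
        {
            return new WindowsPrincipal(caller).IsInRole(group);
        }
        catch (Exception ex)
        {
            // Deny on error, but leave a trace so a lookup problem
            // is not mistaken for a plain "not a member" result.
            Trace.TraceWarning("Group check failed for {0} against {1}: {2}",
                caller.Name, group, ex.Message);
            return false;
        }
    }
}
```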