Re: Get UserGroup of Active Directory to control the security

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 12/19/04

    Date: Sun, 19 Dec 2004 14:04:09 -0600
    
    

    If you are using Windows authentication in ASP.NET, you can easily do basic
    role-based security against the user's group membership using the
    WindowsPrincipal class which is exposed as the IPrincipal object returned by
    the User property on the HttpContext or Page class or the
    Thread.CurrentPrincipal class for code that does not reference System.Web
    such as a middle tier layer or something.

    You just call the User.IsInRole method with the name of the group you are
    interested in (in domain\group name format) and it will return true or
    false.

    Additionally, the allow and deny tags in web.config, which are used by the
    UrlAuthorizationModule, can be used to declaratively allow and deny access
    to certain parts of your page. Use the same syntax as above, e.g.

    <allow roles="mydomain\mygroup"/>

    Finally, you can use the PrincipalPermission and
    PrincipalPermissionAttribute to achieve similar things, although I'm not a
    big fan of the attribute as the principal name must be specified at compile
    time.

    HTH,

    Joe K.

    "Shaker" <Shaker@discussions.microsoft.com> wrote in message
    news:885A0DAC-CB23-45D6-958A-4D19E3526B1D@microsoft.com...
    > Hi,
    > I have an ASP.Net Intranet App with C#.
    >
    > I don't need to ask users about User and PWD since they are already
    > logged in.
    > This is achieved through "<deny users="?" />" tag. No problem with it.
    >
    > My concern now is to determine the user group where the user is
    > belonging to.
    > to control the rest of navigation to the site.
    > Please provide me with clear code to do that.
    >
    > --
    > MCSD not .Net
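
The checks described in the reply above, as an added example that is not part of the original thread: an IsInRole test against Thread.CurrentPrincipal for code that does not reference System.Web, and an imperative PrincipalPermission demand whose role name is supplied at run time. It assumes .NET Framework on Windows; the group `MYDOMAIN\ReportViewers` and the names `GroupChecks`, `CanViewReports` and `DemandRole` are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class GroupChecks
{
    // Hypothetical group, in the domain\group format the reply describes.
    const string ReportsGroup = @"MYDOMAIN\ReportViewers";

    // Middle-tier style check: no System.Web reference, reads Thread.CurrentPrincipal.
    // In a page, the same IsInRole call is made on the User property instead.
    static bool CanViewReports()
    {
        IPrincipal user = Thread.CurrentPrincipal;
        return user.Identity.IsAuthenticated && user.IsInRole(ReportsGroup);
    }

    // Imperative PrincipalPermission: the role name is an ordinary string here,
    // so it can come from configuration rather than being fixed at compile time
    // as it is with PrincipalPermissionAttribute.
    static void DemandRole(string role)
    {
        // A null name means "any user"; only the role is checked.
        new PrincipalPermission(null, role).Demand(); // throws SecurityException if not a member
    }

    static void Main()
    {
        // A console host has to attach the Windows principal to the thread itself.
        Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());

        Console.WriteLine("User: " + Thread.CurrentPrincipal.Identity.Name);
        Console.WriteLine("Member of " + ReportsGroup + ": " + CanViewReports());

        try
        {
            DemandRole(ReportsGroup);
            Console.WriteLine("Demand succeeded");
        }
        catch (SecurityException)
        {
            // Fail closed: treat a failed demand as access denied.
            Console.WriteLine("Demand failed: access denied");
        }
    }
}
```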

