I am attempting to do something simple (I thought) - securing my application using roles-based security using ActiveD groups in our Domain. Specifically, I need to show/hide items on a page depending upon whether the currently logged in user is part of "domain\groupA" in ActiveD. For some reason, it is difficult finding information on using ActiveD for this. Everything I seem to find goes into details of using forms-based authentication using roles, or it uses a DB to store the information.

All I want to do is use our already outlined security structure in our Active Directory. Can someone please explain what I need?

Do I need:

1) <roleManager enabled="true"/> in web.config
2) <allow roles="domain\groupA"/> in web.config
3) IIS set to windows authentication
4) if (User.IsInRole(@"domain\groupA")) { /* do stuff */ } in my page?

What else am I missing? Anything? 'Cause it's not working. heh. Thanks all for your help.

+7  A: 

You probably just need to add a RoleProvider to your web.config to tell the app how to do searches against AD.

Sample code from here.

<roleManager defaultProvider="WindowsProvider" 
  enabled="true"
  cacheRolesInCookie="false">
  <providers>
    <add
      name="WindowsProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>
tvanfosson
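
Added example, not part of the original question or answer: a minimal web.config that combines the pieces listed in the question with the provider from the answer. The `Admin` location path is a hypothetical folder name; `domain\groupA` is the group from the question.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Use the Windows identity that IIS passes to ASP.NET; IIS itself
         must have Windows Authentication enabled (item 3 in the question). -->
    <authentication mode="Windows" />

    <!-- Reject anonymous requests site-wide so User is always a domain account. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Resolve roles from the group memberships in the user's Windows token. -->
    <roleManager defaultProvider="WindowsProvider"
                 enabled="true"
                 cacheRolesInCookie="false">
      <providers>
        <add name="WindowsProvider"
             type="System.Web.Security.WindowsTokenRoleProvider" />
      </providers>
    </roleManager>
  </system.web>

  <!-- Hypothetical folder "Admin": only members of domain\groupA may request it.
       Rules are evaluated top to bottom and the inherited default allows
       everyone, so an allow rule restricts nothing unless a deny follows it. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="domain\groupA" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The `<authorization>` rules gate whole URLs on the server; showing or hiding individual items on a page still uses the `User.IsInRole(@"domain\groupA")` check from the question, which reads the same provider.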