views: 16

answers: 2

Hi,

I'm developing an intranet web app and I'm learning how to hook VB into Active Directory. We're going to be doing some location-specific permissions, and my boss wants (if possible) me to hook into Active Directory to get the user's location.

I think that all I need to do is get the user name, but I'm not sure what is the best way to do that. We're a Microsoft only shop, so IE and IIS are the order of the day. To access the intranet you have to log on to the computer using our domain, so that's one level of security, but then I need to authenticate and make sure that user has permissions to make the changes. I'm thinking we'll either have a modifier (if there's not one already) in the AD info, or keep a permissions table in a database, but the former is probably preferred.

I know that IIS has a feature that allows/requires authentication but I'm not exactly sure how that's supposed to work.

So what's the best/easiest/somewhat (most?) secure way to get the user's credentials? I could always do a login page, but it would be much nicer if I could just get their AD credentials in the background.

Thanks!

+1  A: 

IIS can be configured to use Integrated Authentication which will give you access to the samaccountname (pre-Windows 2000 logon) of the user. With that you can do an LDAP query against AD and check group membership. If the user is a member of the CanModifyStuffGroup (that you have created within AD and added users to) then let them make changes, otherwise give them the read-only version - or whatever.

Dan Iveson
How would you access the samaccountname from VB.NET? I'm googling with not much success...
Wayne Werner
I pulled the following line of VB.NET from an old ASP.NET application I wrote: samaccount = HttpContext.Current.User.Identity.Name

However, due to company policies surrounding the change process, we maintained our own permissions database rather than maintaining AD groups.
Dan Iveson
ah, excellent. Thanks!
Wayne Werner
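As an added worked example (not code from either poster), here is the lookup the answer describes, in VB.NET using System.DirectoryServices: take the name IIS hands you under Integrated Authentication (it arrives as DOMAIN\user), strip the domain prefix, search AD by sAMAccountName, and read memberOf plus a couple of location attributes. Everything in it is an assumption about your environment: that the web server is domain-joined, that the application pool identity (or the impersonated user) can read the directory, and that "location" lives in physicalDeliveryOfficeName / l, which are the standard Office and City attributes but may not be populated in your domain. The filter value is escaped per RFC 4515 even though it comes from the token rather than a form field.

```vbnet
' Added example, not part of the original answer. Assumes a domain-joined
' IIS host with Windows authentication; attribute names for "location" are
' an assumption (adjust to whatever your AD actually populates).
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text
Imports System.Web

Public Class AdUserInfo
    Public SamAccountName As String
    Public DistinguishedName As String
    Public Office As String        ' physicalDeliveryOfficeName
    Public City As String          ' l
    Public Groups As New List(Of String)()   ' DNs from memberOf
End Class

Public Module AdLookup

    ' RFC 4515 escaping for a value embedded in an LDAP search filter.
    ' The name comes from the Windows token, not user input, but escaping is
    ' cheap and keeps this safe if it is ever reused with a typed-in name.
    Public Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ControlChars.NullChar : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Windows authentication yields "DOMAIN\user"; LDAP wants the bare sAMAccountName.
    Public Function StripDomain(ByVal identityName As String) As String
        Dim idx As Integer = identityName.LastIndexOf("\"c)
        If idx >= 0 Then Return identityName.Substring(idx + 1)
        Return identityName
    End Function

    Private Function FirstString(ByVal r As SearchResult, ByVal attr As String) As String
        If r.Properties.Contains(attr) AndAlso r.Properties(attr).Count > 0 Then
            Return CStr(r.Properties(attr)(0))
        End If
        Return Nothing
    End Function

    ' Look the user up by sAMAccountName. Returns Nothing if no such user.
    Public Function Lookup(ByVal samAccountName As String) As AdUserInfo
        ' "LDAP://" with no server name binds to the default naming context of
        ' the domain this machine is joined to (assumption: domain-joined host).
        Using root As New DirectoryEntry("LDAP://")
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
                                  EscapeLdapFilterValue(samAccountName) & "))"
                searcher.PropertiesToLoad.AddRange(New String() _
                    {"distinguishedName", "memberOf", "physicalDeliveryOfficeName", "l"})
                Dim result As SearchResult = searcher.FindOne()
                If result Is Nothing Then Return Nothing

                Dim info As New AdUserInfo()
                info.SamAccountName = samAccountName
                info.DistinguishedName = FirstString(result, "distinguishedName")
                info.Office = FirstString(result, "physicalDeliveryOfficeName")
                info.City = FirstString(result, "l")
                If result.Properties.Contains("memberOf") Then
                    For Each dn As Object In result.Properties("memberOf")
                        info.Groups.Add(CStr(dn))
                    Next
                End If
                Return info
            End Using
        End Using
    End Function

    ' Page-side use: is the logged-on user a direct member of the modify group?
    ' modifyGroupDn is the group's distinguished name, e.g.
    ' "CN=CanModifyStuffGroup,OU=Groups,DC=corp,DC=example" (an assumption).
    Public Function CurrentUserCanModify(ByVal modifyGroupDn As String) As Boolean
        Dim name As String = HttpContext.Current.User.Identity.Name
        Dim info As AdUserInfo = Lookup(StripDomain(name))
        If info Is Nothing Then Return False
        For Each g As String In info.Groups
            If String.Equals(g, modifyGroupDn, StringComparison.OrdinalIgnoreCase) Then Return True
        Next
        Return False
    End Function

End Module
```

Two caveats worth knowing before relying on this: memberOf lists only direct membership (no nested groups, and not the user's primary group), so if you nest groups you need either a recursive walk or the token-based IsInRole check from the other answer; and if you turn on impersonation the LDAP query runs as the browsing user, which with Kerberos fails on the second hop (IIS to the domain controller) unless delegation is configured for the web server, so it is usually simpler to let the application pool identity do the read.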
+1  A: 

You need to disable anonymous authentication for your IIS site and enable Windows authentication instead.

Now go to your web.config and change the following:

<authentication mode="Windows"> 
...
</authentication>

see http://msdn.microsoft.com/en-au/library/532aee0e(v=VS.80).aspx

and, if necessary,

<identity impersonate="true" />

see http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx

Now you should be able to get the current user with

HttpContext.Current.User.Identity.Name

To check whether the user is in a specific group, you can use

HttpContext.Current.User.IsInRole("YourActiveDirectoryGroup")
marc.d
I actually stumbled across that same information in this post: http://www.tek-tips.com/faqs.cfm?fid=5440
Wayne Werner
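Putting the steps of this answer together, here is an added VB.NET code-behind (my example, not the answer's own code) that gates the edit features on AD group membership after IIS has authenticated the user. It assumes the web.config above is in place with anonymous access off, and that the group is CORP\CanModifyStuff (domain and group name are assumptions). The point it adds beyond the answer is that the principal ASP.NET gives you under Windows authentication is a WindowsPrincipal whose IsInRole resolves against the group SIDs in the logon token, so the name normally has to be domain-qualified; the single most common reason IsInRole("YourActiveDirectoryGroup") returns False is the missing "DOMAIN\" prefix.

```vbnet
' Added example, not part of the original answer. Assumes
' <authentication mode="Windows"> with anonymous auth disabled in IIS,
' and an AD group "CORP\CanModifyStuff" (both names are assumptions).
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.UI

Public Class PermissionGate

    ' Domain-qualified, because WindowsPrincipal.IsInRole matches group SIDs
    ' from the token and an unqualified "CanModifyStuff" usually fails to resolve.
    Public Const ModifyGroup As String = "CORP\CanModifyStuff"

    ' True only when the request carries a real, authenticated Windows identity
    ' that is in the modify group. Anonymous or non-Windows principals never qualify.
    Public Shared Function CanModify(ByVal principal As IPrincipal) As Boolean
        Dim winPrincipal As WindowsPrincipal = TryCast(principal, WindowsPrincipal)
        If winPrincipal Is Nothing Then Return False
        If Not winPrincipal.Identity.IsAuthenticated Then Return False
        Return winPrincipal.IsInRole(ModifyGroup)
    End Function

End Class

Public Class EditPage
    Inherits Page

    ' Under Windows auth this is "CORP\jdoe"; no login page is involved.
    Protected ReadOnly Property CurrentUserName As String
        Get
            Return Context.User.Identity.Name
        End Get
    End Property

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        ' Decide server-side on every request. Never trust a hidden field or a
        ' client-side flag that claims the user may edit.
        If Not PermissionGate.CanModify(Context.User) Then
            Response.StatusCode = 403
            Response.Write("Read-only: " & CurrentUserName & " is not in " & PermissionGate.ModifyGroup)
            Response.End()
            Return
        End If
        ' ...render the editable version of the page here...
    End Sub

End Class
```

Two things the config snippet in the answer does not do on its own: authentication mode="Windows" only identifies the user, so add an authorization block with deny users="?" to web.config so that unauthenticated requests are refused rather than arriving with an empty Identity.Name; and leave identity impersonate="true" off unless a downstream resource genuinely needs the caller's token, since it makes the app run as each browser user and brings the Kerberos double-hop problem with it.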