Our application requires Active Directory for users to access it. Our goal is to split the business logic and the security.

Here is what I am trying to do, but I have not succeeded yet:

1) Connect to Active Directory via web.config.

2) Specify groups needed for each .aspx page in the web.config file. (e.g.: index.aspx = admin, users)

3) Redirect the user to an error page if user's groups do not match the expected credentials.

4) Do all this without adding any code in my actual pages (to split business logic from security).

What do you suggest for that? I found many examples on the web about Active Directory but they were not doing what I wanted.

Thanks!

A: 

Have you tried something like this in your web.config file?

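<configuration>
    <system.web>
        <!-- Authenticate users with their Windows (Active Directory) account -->
        <authentication mode="Windows"/>
        <authorization>
            <!-- Rules are evaluated top-down; the first matching rule wins -->
            <allow roles="AD\My-Security-Group"/>
            <deny users="?"/>
            <!-- Without this, other authenticated users fall through to the default allow -->
            <deny users="*"/>
        </authorization>
        <identity impersonate="true"/>
    </system.web>

    <!-- path must be a relative virtual path, without a leading slash -->
    <location path="ProtectedPath">
        <system.web>
          <authorization>
            <deny roles="AD\My-Security-Group"/>
            <allow roles="AD\My-Other-Security-Group"/>
            <!-- Close the list so members of neither group are rejected -->
            <deny users="*"/>
          </authorization>
        </system.web>
    </location>
</configuration>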
Flesrouy
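
ASP.NET URL authorization checks rules top-down and stops at the first match, with `<location>` rules ahead of site rules and the machine-level `<allow users="*"/>` last. The following is an added example, not part of the answer above: a simplified Python model of that evaluation (verbs ignored) showing what a closing `<deny users="*"/>` changes. The `Rule`, `User` and `is_authorized` names and the sample accounts are constructed for illustration.

```python
# Simplified model of ASP.NET URL authorization rule evaluation.
# Assumptions: verbs are ignored; accounts and the extra group are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    users: tuple = ()                # "*" = everyone, "?" = anonymous
    roles: tuple = ()

@dataclass(frozen=True)
class User:
    name: str = ""                   # empty name = anonymous request
    roles: frozenset = frozenset()

# Implicit final rule inherited from the machine-level configuration.
MACHINE_DEFAULT = [Rule("allow", users=("*",))]

def matches(rule, user):
    anonymous = user.name == ""
    for u in rule.users:
        if u == "*" or (u == "?" and anonymous):
            return True
        if not anonymous and u.lower() == user.name.lower():
            return True
    held = {r.lower() for r in user.roles}
    return any(r.lower() in held for r in rule.roles)

def is_authorized(user, *levels):
    """levels: rule lists ordered from <location> (most specific) to site root."""
    for rules in (*levels, MACHINE_DEFAULT):
        for rule in rules:
            if matches(rule, user):
                return rule.action == "allow"    # first match wins
    return False

GROUP, OTHER = r"AD\My-Security-Group", r"AD\My-Other-Security-Group"
SITE_OPEN = [Rule("allow", roles=(GROUP,)), Rule("deny", users=("?",))]
SITE_CLOSED = SITE_OPEN + [Rule("deny", users=("*",))]
LOC_OPEN = [Rule("deny", roles=(GROUP,)), Rule("allow", roles=(OTHER,))]
LOC_CLOSED = LOC_OPEN + [Rule("deny", users=("*",))]

member = User(r"AD\alice", frozenset({GROUP}))
other = User(r"AD\bob", frozenset({OTHER}))
outsider = User(r"AD\carol", frozenset({r"AD\Unrelated-Group"}))

if __name__ == "__main__":
    for u in (member, other, outsider, User()):
        print(u.name or "(anonymous)",
              is_authorized(u, SITE_OPEN), is_authorized(u, SITE_CLOSED),
              is_authorized(u, LOC_OPEN, SITE_OPEN),
              is_authorized(u, LOC_CLOSED, SITE_CLOSED))
```
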