Active Directory Group and C# webpage configuration

Question

I am wanting to allow access to a C# Webpage to only members in an Active Directory group. Can someone please point me in this direction or assist in anyway?

Thanks in advance

Answer 1

There exist multiple approaches to this.

Imperatively, you can check Page.User.IsInRole(@"domain\group"), and redirect away, send a 401 response, or throw an exception if the user should not have access.

Declaratively, you can control permissions in your web.config:

Answer 2

You can query AD to see what groups a user belongs to.

This is a great resource: http://www.codeproject.com/KB/system/everythingInAD.aspx#39

Something like this should work too:

using System.DirectoryServices.ActiveDirectory;
using System.DirectoryServices;
public bool IsUserInGroup(string group, string user)
{
    string DomainName="";
    string ADUsername="";
    string ADPassword="";

    DirectoryEntry entry=new DirectoryEntry(LDAPConnectionString, ADUsername, ADPassword);
    DirectorySearcher dSearch=new DirectorySearcher(entry);
    dSearch.Filter="(&(objectClass=user)(userPrincipalName=" + user + ")";

    foreach(SearchResult sResultSet in dSearch.FindAll())
    {
        string strGroupList=GetProperty(sResultSet, "memberOf");
        if(!string.IsNullOrEmpty(strGroupList) && strGroupList.IndexOf(group)>-1)
            return true;
    }
    return false;
} 

I didn't have time to check this or even compile, so I apologize in advance for any error. The if in the foreach might not be sufficient. There also may be a more efficient way to do the query, but this was what I could come up with quickly.