 | |
How to check users against security groups in Active Directory
ASP.net Security microsoft.public.dotnet.framework.aspnet.security
 |
| | Thread Tools | Search this Thread | Display Modes |
#1
 
| |||
| |||
|
How to check users against security groups in Active Directory -
11-14-2007
, 12:16 AM
#2
| |||
| |||
|
|
My sceanrio is this on an asp.net 2.0 freamework. I want to use any of the data controls e.g Gridview,DetailView etc.. But i want some buttons e.g update,edit save etc to be enable or disabled based on if they belong to some security groups in active directory. I'm looking for the best options for this because i want to store those security groups somewhere and then check for the user against those security groups for their authorisation when they lunch the application. Preferably i would like to store them in an xml file and then write an API to change, modify or add active directory security groups. Any ideas would be appreciated. Thanks |
#3
| |||
| |||
|
|
Depending on the authentication model your app uses, ASP.NET may already know the user's security group membership. If you are using Windows authentication, you can just check User.IsInRole and do things like change the visibility of a control based on the result of that. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- "rote" <naijacoder (AT) hotmail (DOT) com> wrote in message news:uWhSVXoJIHA.4228 (AT) TK2MSFTNGP02 (DOT) phx.gbl... My sceanrio is this on an asp.net 2.0 freamework. I want to use any of the data controls e.g Gridview,DetailView etc.. But i want some buttons e.g update,edit save etc to be enable or disabled based on if they belong to some security groups in active directory. I'm looking for the best options for this because i want to store those security groups somewhere and then check for the user against those security groups for their authorisation when they lunch the application. Preferably i would like to store them in an xml file and then write an API to change, modify or add active directory security groups. Any ideas would be appreciated. Thanks |
#4
| |||
| |||
|
|
Thanks Joe for the prompt reply. It seems you are still with Accenture. I'll be using Windows Auth and thats true i can use User.IsInRole method. But what 'm consideriing is how i'm going to store the AD sceurity GROUPS i want to validate the users against. I would like to have ?xml version="1.0" encoding="ISO-8859-1"? ActiveDirectory groups>Tove</groups /note></ActiveDirectory then using the IsinRole method i would like to loop through the groups node to check for security groups ..Is this achievable? Thanks in advance "Joe Kaplan" <joseph.e.kaplan (AT) removethis (DOT) accenture.com> wrote in message news:OuH9hRvJIHA.4272 (AT) TK2MSFTNGP06 (DOT) phx.gbl... Depending on the authentication model your app uses, ASP.NET may already know the user's security group membership. If you are using Windows authentication, you can just check User.IsInRole and do things like change the visibility of a control based on the result of that. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- "rote" <naijacoder (AT) hotmail (DOT) com> wrote in message news:uWhSVXoJIHA.4228 (AT) TK2MSFTNGP02 (DOT) phx.gbl... My sceanrio is this on an asp.net 2.0 freamework. I want to use any of the data controls e.g Gridview,DetailView etc.. But i want some buttons e.g update,edit save etc to be enable or disabled based on if they belong to some security groups in active directory. I'm looking for the best options for this because i want to store those security groups somewhere and then check for the user against those security groups for their authorisation when they lunch the application. Preferably i would like to store them in an xml file and then write an API to change, modify or add active directory security groups. Any ideas would be appreciated. Thanks |
#5
| |||
| |||
|
|
Sure, you could definitely do that. I would probably provide some sort of wrapper around the groups and the authorization function in general so that you can easily change this at runtime. Microsoft has a nice, very powerful framework for this type of thing call AzMan that you can use, or you could implement something more simple yourself. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- "rote" <naijacoder (AT) hotmail (DOT) com> wrote in message news:e0Fr$5zJIHA.5980 (AT) TK2MSFTNGP04 (DOT) phx.gbl... Thanks Joe for the prompt reply. It seems you are still with Accenture. I'll be using Windows Auth and thats true i can use User.IsInRole method. But what 'm consideriing is how i'm going to store the AD sceurity GROUPS i want to validate the users against. I would like to have ?xml version="1.0" encoding="ISO-8859-1"? ActiveDirectory groups>Tove</groups /note></ActiveDirectory then using the IsinRole method i would like to loop through the groups node to check for security groups ..Is this achievable? Thanks in advance "Joe Kaplan" <joseph.e.kaplan (AT) removethis (DOT) accenture.com> wrote in message news:OuH9hRvJIHA.4272 (AT) TK2MSFTNGP06 (DOT) phx.gbl... Depending on the authentication model your app uses, ASP.NET may already know the user's security group membership. If you are using Windows authentication, you can just check User.IsInRole and do things like change the visibility of a control based on the result of that. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- "rote" <naijacoder (AT) hotmail (DOT) com> wrote in message news:uWhSVXoJIHA.4228 (AT) TK2MSFTNGP02 (DOT) phx.gbl... My sceanrio is this on an asp.net 2.0 freamework. I want to use any of the data controls e.g Gridview,DetailView etc.. But i want some buttons e.g update,edit save etc to be enable or disabled based on if they belong to some security groups in active directory. I'm looking for the best options for this because i want to store those security groups somewhere and then check for the user against those security groups for their authorisation when they lunch the application. Preferably i would like to store them in an xml file and then write an API to change, modify or add active directory security groups. Any ideas would be appreciated. Thanks |
|
« Previous Thread
|
Next Thread »
| Thread Tools | Search this Thread |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.