Active Directory Authentication

Arg81

Active Directory Authentication - RESOLVED

Hi guys,

Please could someone explain / show how I can take the current logged on user, and check to see whether they are in a group in AD?

Scenario:

- Users access my application by logging on as themselves to Terminal Server.
- I have figured out how to take username in either form "Username" or "Domain\UserName".
- I want to have each form of my app accessible to only certain groups. I assume I need to add code to each form with the group name.
- ^^ how do I then authenticate with the group name in AD, and deny access to those users who are not in the group?

Please could someone point me in the direction of some websites or threads? I have tried searching both the Internet and the forum but can't find any help.

Regards,
Luke
 
Best advice is to search "VB.Net tokenGroups"; I found several code examples but also some problems people were having in different contexts.

Another tip I found was that .Net 2.0 has got this included with WindowsIdentity.Groups in the System.Security.Principal namespace.
 
Thanks John.

However I thought there was a simple way of checking authentication in AD...maybe not it seems.

Don't want to move up to VS2005 and .Net 2.0; I had trouble trying to import and upgrade my program when I downloaded the trial.

Regards,
Luke
 
In the end, very easy!!!!

VB.NET:
Dim s As New Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent)
If (s.IsInRole("DOMAIN\GROUP")) = True Then
    MessageBox.Show("You have the correct permission")
Else
    MessageBox.Show("You do not have permission")
End If

Where ("DOMAIN\GROUP") is the domain name and group name that you want to check to see whether the current logged on user is a member of.

This works perfectly for what I am trying to do as the user will always log on as themselves to Terminal Server. I can then use that username to check to see if they are a member of the "AddItemsDB" group.

I know I could have just used SQL user authentication but I'd rather the users have access at form "click" level, not once they fill in the information and then get told they don't have the access to Insert...

HTH others...
Luke
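
One way to apply the IsInRole check above to several forms without repeating the group name in each one, as an added example that is not code from anyone in this thread. The module name FormAccess, the form names and the ReportViewers group are hypothetical placeholders; the code avoids generics so it stays usable on .NET 1.1.

```vbnet
Imports System
Imports System.Collections
Imports System.Collections.Specialized
Imports System.Security.Principal

' Added example: a single table mapping each form to the AD group allowed to open it.
' Form names and group names are hypothetical placeholders.
Public Module FormAccess

    ' Form name -> "DOMAIN\Group" (case-insensitive keys).
    Private ReadOnly RequiredGroup As Hashtable = BuildMap()

    Private Function BuildMap() As Hashtable
        Dim map As Hashtable = CollectionsUtil.CreateCaseInsensitiveHashtable()
        map.Add("AddItemsForm", "DOMAIN\AddItemsDB")
        map.Add("ReportsForm", "DOMAIN\ReportViewers")
        Return map
    End Function

    ' True only when the form is listed and the logged-on user is in its group.
    ' Unlisted forms, missing names and lookup failures are all denied.
    Public Function CanOpen(ByVal formName As String) As Boolean
        If formName Is Nothing Then Return False
        Dim group As String = DirectCast(RequiredGroup(formName), String)
        If group Is Nothing Then Return False
        Try
            Dim principal As New WindowsPrincipal(WindowsIdentity.GetCurrent())
            Return principal.IsInRole(group)
        Catch ex As Exception
            ' If the token or domain lookup fails, keep the form closed.
            Return False
        End Try
    End Function

    ' Usage in a button or menu handler (AddItemsForm is a placeholder class):
    '   If FormAccess.CanOpen("AddItemsForm") Then
    '       Dim f As New AddItemsForm()
    '       f.ShowDialog()
    '   Else
    '       MessageBox.Show("You do not have permission")
    '   End If

End Module
```

This check runs in the client process and only decides which forms are shown; the permissions on the database itself still determine what a user's connection can actually insert.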

 
Good info, thanks for letting us know! Actually getting all the groups for a specific user was what I thought had to be done. But if you are looking for a specific group you already know the name when coding the app, then your method is good. Also if you just need to check built-in roles rather than groups.
 