14
votes

I am attempting to do something simple (I thought) - securing my application using roles-based security using Active Directory groups in our Domain.

Specifically, I need to show/hide items on a page depending upon whether the currently logged in user is part of domain\groupA in Active Directory. For some reason, it is difficult finding information on using Active Directory for this. Everything I seem to find goes into details of using forms-based authentication using roles, or it uses a DB to store the information.

All I want to do is use our already outlined security structure in our Active Directory. Can someone please explain what I need?

Do I need:

  1. <roleManager enabled="true"/> in web.config
  2. <allow roles ="domain\groupA"/> in web.config
  3. IIS set to windows authentication
  4. if (User.IsInRole(@"domain\groupA")){ //do stuff } in my page?

What else am I missing? Anything? 'cause its not working. heh.

Thanks all for your help.

1

1 Answers

22
votes

You probably just need to add a RoleProvider to your web.config to tell the app how to do searches against AD.

Sample code from here.

<roleManager defaultProvider="WindowsProvider" 
  enabled="true"
  cacheRolesInCookie="false">
  <providers>
    <add
      name="WindowsProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>