Geek Answers Handbook

Resolution MVC3 using AD

Is it possible to enable / disable users of MVC3 application using AD?

My application is protected by Windows authentication for now, but that means adding users to groups on the Win2007 server.

I would like to change this so that users are allowed / denied access to actions / views of applications and / or controllers based on their AD roles, so they either automatically registered (for example, Windows auth), or redirected to the Denied page.

Any help greatly appreciated is accepted ... everything I find seems to be based on Windows groups or forms authentication.

+4
source share
3 answers

You can use the Roles property:

[Authorize(Roles = @"SOMEDOMAIN\somegroup")] public ActionResult Foo() { ... }

Here's a tutorial that explains the steps.

+4
source

I am using AD groups for my intranet application.

 <authentication mode="Windows" /> <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"> <providers> <clear /> <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </roleManager>

and then added authorization attributes to my controller actions that I needed to protect:

 [Authorize(Roles = MyNamesspace.Constants.MANAGER_GROUP)] public ActionResult Blah() {...

And in the view, you can use User.IsInRole and the name of your AD / Windows group.

Or get a list of the roles that the web server sees with this user: System.Web.Security.Roles.GetRolesForUser();

Caution: my server and my clients are in the same domain. this will not work if you need to do the same for off-site web clients against your ActiveDirectory.

+2
source

Just use the membership provider mechanism that is built into Asp.net. You will find that there is already an ActiveDirectoryMembershipProvider , but you will have to implement RoleProvider yourself, because membership can be determined in different ways on different networks.

+2
source

More articles:


All Articles