In the authentication and authorization resources in the section http://docs.asp.net/en/latest/security/index.html
First, start a new ASP.Net web application project, select the web application template, then in the right pane, click the "Change Authentication" button and select "Windows Authentication".
Now you can use [Authorize] for a class or method to verify basic authentication and the active directory with RC2, you can just use the group names ala [Authorize( Roles=@ "DOMAIN\GROUP")]
Now an outdated and cumbersome alternative (still working):
If you look at User.Claims , you will see that groupid keys exist for each of the user groups. Based on this, you can do something like [Authorize(Policy="FOOBAR")] and define it in your Startup.ConfigureServices method using
services.AddAuthorization( o => o.AddPolicy( "FOOBAR", p => p.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", "ENTER GROUP SID") ));
Note that the second parameter of RequireClaim is a string array that allows multiple groups.
Also note to determine group identifiers using this command line magic dsquery group -name "ENTER GROUP NAME" | dsget group -sid dsquery group -name "ENTER GROUP NAME" | dsget group -sid