Security :: How To Make Authentication Using Active Directory Groups
Mar 8, 2010
I've built a asp.net 3.5 web application and want to be able to restrict access to particular pages. I have pages which should be able to be accessed by a user and then an adminshould be able to access all pages. I have created 2 Active Directory groups, one for normal users and one for admins so any users in the user group can see some pages then admins should have no restrictio
I am trying to set up an intranet application with Forms Authentication configured for AD. (Don't ask why, it's for the boss). Anyways, I got it configured to where everybody on the domain can log in but I need to restrict it to a security group that IT has set up for me.
The problem I am having is that users in the SG can not log in to the site. I tried just adding
[Code]....
without a role manager but it didn't work. Then I tried adding the role manager below (among others...).
Here is my web.config
[URL]
Also, how should the user defined in connectionUsername and connectionPassword be set up? Must it be the same as the user I am running the application as?
I want to authenticate against the Active Directory by using Forms authentication and Visual Studio ASP.NET/C#.Do you know any great tutorials/howto:s for implementing this?
I am just getting started with MVC and I was wondering if someone could point me in the right direction for help with forms authentication using active directory? I have the sample site up but the results I have found on google have not been very helpful in answering this question. This site is going to be an intranet page that we want users to be able to access without logging in when they access it from our network while they must login when trying to access it from home.
I want to create a small intranet web site with a login page that will authenticate against groiups of users in Active Directory. So for example if someone in Group A logs in they can get to web page X and if someone from Group B logs on they can get to web page Y. Is it possible to do this with the login controls without writing code? I thought it would be a fairly standard thing to do.
I am trying to build a web app for an intranet site that for security reasons needs to make the user type in their Windows or Active Directory username pwd manually. I have previously worked with Integrated Windows Auth but in this case, we do want them to use type in their AD credentials.
I have been trying to look up how to do this and frankly I am a bit lost. It should be a fairly straightforward task and am hoping you can point me in the right direction, with some tutorials or examples. We will be using SSL so, dont have to worry about passing pwd in cleartext over the wire.
My environment is visual studio 2008 in C#, .net 3.5 if that matters.
I currently have a web application deployed on our intranet and it uses Active Directory to authenticate the user.It all works fine. But now im asked to somehow grant access to the application for outside vendors that are not part of AD, but they still need to keep the functionality of the AD as they dont want to manage all the users that currently use the application.Is this possible in some way?Currently users dont need to enter a password or username as they are part of AD, but users who are not get the " You are not authorized to view this page..."message. Is there any way to avoid that message and allow them to login using their own password?
I am trying to follow instructions on how to create a login page that tests against active directory. My issue is all of the tutorials seem to be written for ASP.NET 2.0. When I try to follow them I cannot get them to work. Does anyone have any tutorial or information for .NET 3.5 or 4.0?
I want to know how to do Active Directory Authentication in my intranet web application,
So far I created a simple login page and I am using the login control. my questions are how do I configure the application, how do I interface the login control so it will take the user to next page once they input their usual active directory username and password.
I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:
[Code]....
I also tried using the LogonUser method to create a user token and backend the authentication that way, and it doesn't work either.
I am trying to authenticate the users on a web application through their Active Directory credentials. What should I use? Client Certificate Mapping? or Forms? I am currently using a Form Authentication, but it is not working. It keep telling me my credentials are not correct. Should I switch over to something more recent? Client Certificate Mapping is installed, I just don't know how to set it up. Isn't there something about purchasing a certificate for the website? Is there anything else I can use that is secure and uses Active Directory credentials?
I've been searching for a solution to get a list of the AD Groups for at specific AD user. I'll need the current user logged in and would like to query by the username. The problem is that all the solutions I find on the web uses System.DirectoryServices - and I can't find the dll in my .Net 4.0 webproject (I only have System.DirectoryServices.AccountManagement) - so I can't use any of the examples that I've found. Is there a difference way to query the AD through 4.0 compared to 2.0? I could really use some examples, articles or just good advise to get moving - I'm kind of stuck at the moment.
i have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
I am having trouble using UserPrincipal.GetGroups in System.DirectoryServices.AccountManagement.
When I use the following code:
PrincipalSearchResult<Principal> groups = userPrincipal.GetGroups();
foreach (GroupPrincipal g in groups){ Console.WriteLine(g.DisplayName); }
I get the error "The value for the property AttributeScopeQuery cannot be set" in the foreach loop. I also get the same error when using groups.Count()I have read things that indicate this may be due to having some Windows 2000 domain controllers in the domain and so meaning it does not support ASQ.
What is the best way of doing this? The best I have come up with, since most of the rest of my code is running fine using System.DirectoryServices.AccountManagement is using the GetUnderlyingObject method of the UserPrincipal to get a DirectoryEntry and enumerating the values of the memberOf attribute. Using LINQ the code is quite compact:
var groups = from string groupPath in ((DirectoryEntry)userPrincipal.GetUnderlyingObject()).Properties["memberOf"] select new DirectoryEntry("LDAP://" + groupPath).Name.Replace("CN=", ""); foreach(groupName in groups){ Console.WriteLine(groupName); }
We are in the process of migrating from Lotus notes to Outlook by writing a .Net application. We have many email groups and contacts in Outlook that we want to move to the Active Directory in Outlook.
I have a web application (intranet based) which uses Windows Authentication. Unfortunately there are public computers that have public logins at some company locations. My web app doesn't support these public logins because I need to know the user workingSo, even though these public users are windows authentication users, my app will fail because I have no user account setup for that particular account. I want to then try Active Directory Authentication.In my Default.aspx.cs I'd have something like this
protected void Page_Load(object sender, EventArgs e) {try userContext = new UserContext(); // If the authenticated user isn't a user in my system then throw an exception } [code]...
I'm trying to get the groups a user is member of from an Open Ldap using vb.net 3.5.
Although so far I have managed to connect to the ldap server and get the user's info like sn, givenname, description, mail, adspath,
I have absolutely no information about the user's groups.
My code is like this:
Dim oEntry as New DirectoryEntry Dim oSearcher as New DirectorySearcher oEntry = New DirectoryEntry("LDAP://myServer/ou=test, dc=example, dc=com", username, pwd, AuthenticationTypes.ServerBind) oSearcher = New DirectorySearcher(oEntry, "(uid=" & uName & ")") oResult = oSearcher.FindOne() if not oResult is Nothing then Dim ADUser as DirectoryEntry ADUSer = oResult.GetDirectoryEntry() end if
Well, ADUser has no info on user membership whatsoever.
Am I doing something wrong? Should I use System.DirectoryServices.Protocols as I saw someone mentioning instead
of System.DirectoryServices or is .Protocols just for Framework 2.0?