Security :: How To Protect Form Controls Based On Active Directory Group
Feb 12, 2011
I have a requirement to make parts of forms (and sometimes the entire form) read-only based on the user's active-directory group. I already have integrated AD into the dynamic menu, so that users cannot view certain menu itmes based on their AD group - and this is working fine; however, now they want to get down to the control-level on the forms. The first way that comes to mind is for me to just grab the AD groups for the users and then loop through them, and write my own code to make controls read-only or enabled. Is this a good way to do it, or is there another way? Also, while we're on the topic, is there an easy way to protect an entire form, or maybe an entire panel?
I am getting the details from groups but some groups have data but did not return any data is there any problem with this code. some groups have returned data.
I have an application where I display every Active Directory group that the current user belongs to. When I have my config setup like this:
<authentication mode="Windows"/> <authorization> <deny users="?"/> <allow users="*"/> </authorization> It works fine. When it's like this: <authentication mode="Windows"/> <authorization> <!--<deny users="?"/>--> <allow users="*"/> </authorization>
No groups are found. Why does this make a difference? Does asp.net only authenticate if we are specifically denying access to unauthenticated users? If it helps this is how i'm getting the groups:
protected string GetUserGroups() { StringBuilder userGroups = new StringBuilder(); ArrayList groupMembers = new ArrayList(); DirectoryEntry root = new DirectoryEntry("LDAP://myldap/DC=nc,DC=local"); DirectorySearcher ds = new DirectorySearcher(root); ds.Filter = String.Format("(&(samaccountname={0})(objectClass=person))", User.Identity.Name.Substring(User.Identity.Name.LastIndexOf(@"") + 1)); ds.PropertiesToLoad.Add("memberof"); try { foreach (SearchResult sr in ds.FindAll()) { foreach (string str in sr.Properties["memberof"]) { string str2 = str.Substring(str.IndexOf("=") + 1, str.IndexOf(",") - str.IndexOf("=") - 1); groupMembers.Add(str2); } } } catch { //ignore if any properties found in AD } return String.Join("|", (string[])groupMembers.ToArray(typeof(string))); }
I need to list a group of users, their group name is (IRS Group) to a list group. how to do this. I'm very new to asp.net and dont have much knowlegde about acctive directory.
I have a need to send out emails to all the people who are in a given group say "HR Department". I need to be able to get all the emails through a for loop and then as it retrieves I should send emails to them.
this is what I came up with but not sure how to go about writing a for loop to get all the emails in the given group.
I am using Active Directory to authenticate users for an intranet site. I would like to refine the users that are authenticated based on the group they are in in Active Directory. Can someone show me or point me to directions on how to find what groups a user is in in ASP.NET 4.0 (VB)?
I can get the list of user groups from the same domain based on the logged in users by using following commandSystem.Web.HttpContext .Current.Request.LogonUserIdentity.GroupsBut in my case user can be part of another trusted domain group also. The above command is not retrieving the trusted domain groups.Is there any way to get all the groups belongs to logged in user even he is part trusted domain group also?
We had few distribution groups in our AD for emailing. To provide access to my application i use these groups to generate the license keys.
Microsoft clearly says "Distribution groups play no role in security (you do not assign permissions to distribution groups), and you cannot use them to filter Group Policy settings."
Is there any way to get the token access for the Distribution groups?
It throws me out saying genral access denied... finding the exact solution on how i could create a configuration page such that a certain set of groups could be assigned to my application.
I am using System.directory services namespace in framework 2 to query active directory. I have used fixed user account impersonisation in the web.config file, find the code:
I have disabled anonymous access in IIS. Also i have given Read & write access to the account tang09 for the website virtual directory and Microsoft.NET folder located in windows folder. But still i get prompted for the domain username and password to access the website.
I have contact form and offten using this form my web site is under attck... someone install some code who try to connect using java scriptand all java scripts that I'm using in my web site are infected...
I want to learn how to add/delete/update account (including adding mail boxes for new users). Can someone point to a good book where I can begin from. I want to start with some real basics and build from there.
have a probleme with my search filter, i want to list the users of an organizational unit result.filter =(& (objectClass= user)(ou=dep1)); ====> it didn't work for me
I am updating some CS code that was written in 2004, and that references some assemblies which extract user data from AD by query filtering on the user's title. I can't test my updated code in VS2010 because the assemblies no longer compile - the references are no longer valid (I can't create a DirectoryEntry or DirectorySearcher) so I need to work out how to replace the code with current directoryservices.accountmanagement namespace properties and methods. I have searched around but don't seem to be getting anywhere. give me some code that will work with vs 2010 to replicate the following: