How to check users against security groups in Active Directory

Discussion in 'ASP .Net Security' started by rote, Nov 14, 2007.

  1. rote

    rote Guest

    My sceanrio is this on an asp.net 2.0 freamework.
    I want to use any of the data controls e.g Gridview,DetailView etc..
    But i want some buttons e.g update,edit save etc to be enable or disabled
    based on if they belong to some security groups in active
    directory.
    I'm looking for the best options for this because i want to store those
    security groups somewhere and then check for the
    user against those security groups for their authorisation when they lunch
    the application.
    Preferably i would like to store them in an xml file and then write an API
    to change, modify or add active directory security groups.
    Any ideas would be appreciated.
    Thanks
     
    rote, Nov 14, 2007
    #1
    1. Advertising

  2. rote

    Joe Kaplan Guest

    Depending on the authentication model your app uses, ASP.NET may already
    know the user's security group membership. If you are using Windows
    authentication, you can just check User.IsInRole and do things like change
    the visibility of a control based on the result of that.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "rote" <> wrote in message
    news:...
    > My sceanrio is this on an asp.net 2.0 freamework.
    > I want to use any of the data controls e.g Gridview,DetailView etc..
    > But i want some buttons e.g update,edit save etc to be enable or disabled
    > based on if they belong to some security groups in active
    > directory.
    > I'm looking for the best options for this because i want to store those
    > security groups somewhere and then check for the
    > user against those security groups for their authorisation when they lunch
    > the application.
    > Preferably i would like to store them in an xml file and then write an API
    > to change, modify or add active directory security groups.
    > Any ideas would be appreciated.
    > Thanks
    >
    >
    >
     
    Joe Kaplan, Nov 14, 2007
    #2
    1. Advertising

  3. rote

    rote Guest

    Thanks Joe for the prompt reply. It seems you are still with Accenture.
    I'll be using Windows Auth and thats true i can use User.IsInRole method.
    But what 'm consideriing is how i'm going to store the AD sceurity GROUPS i
    want to validate the users against.
    I would like to have
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <ActiveDirectory>
    <groups>Tove</groups>
    </note></ActiveDirectory>
    then using the IsinRole method i would like to loop through the groups
    node to check for security groups ..Is this achievable?
    Thanks in advance


    "Joe Kaplan" <> wrote in message
    news:...
    > Depending on the authentication model your app uses, ASP.NET may already
    > know the user's security group membership. If you are using Windows
    > authentication, you can just check User.IsInRole and do things like change
    > the visibility of a control based on the result of that.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > --
    > "rote" <> wrote in message
    > news:...
    >> My sceanrio is this on an asp.net 2.0 freamework.
    >> I want to use any of the data controls e.g Gridview,DetailView etc..
    >> But i want some buttons e.g update,edit save etc to be enable or disabled
    >> based on if they belong to some security groups in active
    >> directory.
    >> I'm looking for the best options for this because i want to store those
    >> security groups somewhere and then check for the
    >> user against those security groups for their authorisation when they
    >> lunch the application.
    >> Preferably i would like to store them in an xml file and then write an
    >> API to change, modify or add active directory security groups.
    >> Any ideas would be appreciated.
    >> Thanks
    >>
    >>
    >>

    >
    >
     
    rote, Nov 15, 2007
    #3
  4. rote

    Joe Kaplan Guest

    Sure, you could definitely do that. I would probably provide some sort of
    wrapper around the groups and the authorization function in general so that
    you can easily change this at runtime. Microsoft has a nice, very powerful
    framework for this type of thing call AzMan that you can use, or you could
    implement something more simple yourself.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "rote" <> wrote in message
    news:e0Fr$...
    > Thanks Joe for the prompt reply. It seems you are still with Accenture.
    > I'll be using Windows Auth and thats true i can use User.IsInRole method.
    > But what 'm consideriing is how i'm going to store the AD sceurity GROUPS
    > i
    > want to validate the users against.
    > I would like to have
    > <?xml version="1.0" encoding="ISO-8859-1"?>
    > <ActiveDirectory>
    > <groups>Tove</groups>
    > </note></ActiveDirectory>
    > then using the IsinRole method i would like to loop through the groups
    > node to check for security groups ..Is this achievable?
    > Thanks in advance
    >
    >
    > "Joe Kaplan" <> wrote in message
    > news:...
    >> Depending on the authentication model your app uses, ASP.NET may already
    >> know the user's security group membership. If you are using Windows
    >> authentication, you can just check User.IsInRole and do things like
    >> change the visibility of a control based on the result of that.
    >>
    >> Joe K.
    >>
    >> --
    >> Joe Kaplan-MS MVP Directory Services Programming
    >> Co-author of "The .NET Developer's Guide to Directory Services
    >> Programming"
    >> http://www.directoryprogramming.net
    >> --
    >> "rote" <> wrote in message
    >> news:...
    >>> My sceanrio is this on an asp.net 2.0 freamework.
    >>> I want to use any of the data controls e.g Gridview,DetailView etc..
    >>> But i want some buttons e.g update,edit save etc to be enable or
    >>> disabled based on if they belong to some security groups in active
    >>> directory.
    >>> I'm looking for the best options for this because i want to store those
    >>> security groups somewhere and then check for the
    >>> user against those security groups for their authorisation when they
    >>> lunch the application.
    >>> Preferably i would like to store them in an xml file and then write an
    >>> API to change, modify or add active directory security groups.
    >>> Any ideas would be appreciated.
    >>> Thanks
    >>>
    >>>
    >>>

    >>
    >>

    >
    >
     
    Joe Kaplan, Nov 15, 2007
    #4
  5. rote

    rote Guest

    I have read about about AZMAN but i think i will just go for a simple
    wrapper though.
    Thanks

    "Joe Kaplan" <> wrote in message
    news:...
    > Sure, you could definitely do that. I would probably provide some sort of
    > wrapper around the groups and the authorization function in general so
    > that you can easily change this at runtime. Microsoft has a nice, very
    > powerful framework for this type of thing call AzMan that you can use, or
    > you could implement something more simple yourself.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > --
    > "rote" <> wrote in message
    > news:e0Fr$...
    >> Thanks Joe for the prompt reply. It seems you are still with Accenture.
    >> I'll be using Windows Auth and thats true i can use User.IsInRole method.
    >> But what 'm consideriing is how i'm going to store the AD sceurity GROUPS
    >> i
    >> want to validate the users against.
    >> I would like to have
    >> <?xml version="1.0" encoding="ISO-8859-1"?>
    >> <ActiveDirectory>
    >> <groups>Tove</groups>
    >> </note></ActiveDirectory>
    >> then using the IsinRole method i would like to loop through the groups
    >> node to check for security groups ..Is this achievable?
    >> Thanks in advance
    >>
    >>
    >> "Joe Kaplan" <> wrote in message
    >> news:...
    >>> Depending on the authentication model your app uses, ASP.NET may already
    >>> know the user's security group membership. If you are using Windows
    >>> authentication, you can just check User.IsInRole and do things like
    >>> change the visibility of a control based on the result of that.
    >>>
    >>> Joe K.
    >>>
    >>> --
    >>> Joe Kaplan-MS MVP Directory Services Programming
    >>> Co-author of "The .NET Developer's Guide to Directory Services
    >>> Programming"
    >>> http://www.directoryprogramming.net
    >>> --
    >>> "rote" <> wrote in message
    >>> news:...
    >>>> My sceanrio is this on an asp.net 2.0 freamework.
    >>>> I want to use any of the data controls e.g Gridview,DetailView etc..
    >>>> But i want some buttons e.g update,edit save etc to be enable or
    >>>> disabled based on if they belong to some security groups in active
    >>>> directory.
    >>>> I'm looking for the best options for this because i want to store those
    >>>> security groups somewhere and then check for the
    >>>> user against those security groups for their authorisation when they
    >>>> lunch the application.
    >>>> Preferably i would like to store them in an xml file and then write an
    >>>> API to change, modify or add active directory security groups.
    >>>> Any ideas would be appreciated.
    >>>> Thanks
    >>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
     
    rote, Nov 15, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Sara rafiee
    Replies:
    3
    Views:
    1,095
    Scott Allen
    Oct 4, 2004
  2. Caspy
    Replies:
    3
    Views:
    3,586
    Sean M
    Aug 4, 2005
  3. rote
    Replies:
    2
    Views:
    504
  4. Craig Vedur
    Replies:
    5
    Views:
    723
  5. Sara rafiee

    Help me in making users/deleting users in active directory

    Sara rafiee, Oct 3, 2004, in forum: ASP .Net Web Controls
    Replies:
    1
    Views:
    404
    Robert Koritnik
    Oct 4, 2004
Loading...

Share This Page