Group Authentication

[Guest]

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!

 

[Guest]

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

 

[Guest]

Im using ASP 2.0

As a simple demonstration i would like to do the following:

if username has permission then
response.write(secure stuff)
else
response.write("")
end if

Determining whether that user has permission is the part i want to be able
to do. For instance get a list of the users in the ContactAdmin Active
Directory group, and compare the currently logged in user to see if he is in
the list. If he is then he has permission in the above code.

I hope that makes a little more sense!

--
Mark

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!

 

[Guest]

Hi Mark,

1- in the web.config add the following segment:
<location path="SecureFolder">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admins"/>
</authorization>
</system.web>
</location
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfAllow.asp
2- In the global.ascx authenticate the user against the LDAP
3- Createa custom principle (or choose any of the other authentication
methods
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht04.asp

4- Modify the global.ascx to assign the Context.Current.User =
YourCustomPrincipal or a generic principel as in this sample:

http://66.129.71.130/QuickStartv20/...urity.src&file=sitemapsecurity_vb\global.asax

This should take care of both the display and security as in this sample:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

Im using ASP 2.0

As a simple demonstration i would like to do the following:

if username has permission then
response.write(secure stuff)
else
response.write("")
end if

Determining whether that user has permission is the part i want to be able
to do. For instance get a list of the users in the ContactAdmin Active
Directory group, and compare the currently logged in user to see if he is in
the list. If he is then he has permission in the above code.

I hope that makes a little more sense!

--
Mark

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!

 

[Guest]

That example would just deny access to the whole page, which i could do
through NTFS permissions.

What i want is to just allow certain users (with permissions) to get links
on a page.

For instance, normal users just get a main menu page, however users with
permissions get the same main menu page, however they get an admin link in
the corner where they can get to the admin page. But i only want that link
displayed if they have permissions

Thanks for the help

--
Mark

Hi Mark,

1- in the web.config add the following segment:
<location path="SecureFolder">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admins"/>
</authorization>
</system.web>
</location>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfAllow.asp
2- In the global.ascx authenticate the user against the LDAP
3- Createa custom principle (or choose any of the other authentication
methods)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht04.asp

4- Modify the global.ascx to assign the Context.Current.User =
YourCustomPrincipal or a generic principel as in this sample:

http://66.129.71.130/QuickStartv20/...urity.src&file=sitemapsecurity_vb\global.asax

This should take care of both the display and security as in this sample:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

Im using ASP 2.0

As a simple demonstration i would like to do the following:

if username has permission then
response.write(secure stuff)
else
response.write("")
end if

Determining whether that user has permission is the part i want to be able
to do. For instance get a list of the users in the ContactAdmin Active
Directory group, and compare the currently logged in user to see if he is in
the list. If he is then he has permission in the above code.

I hope that makes a little more sense!

--
Mark

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com


:

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!

 

[Guest]

Hi Mark,

Are you saying that you want to give access to a page for users whose
permission does not allow them to see a link for it on the menu of the page?!

Perhaps you meant that from the home page of the site (which is allowed to
all users) you want only to display the menu items for the pages that are
authorized for the user. Both the example I gave its link below and the
Personal Web Site Starter Kit in ASP.NET2.0 do just that.

Phillip

That example would just deny access to the whole page, which i could do
through NTFS permissions.

What i want is to just allow certain users (with permissions) to get links
on a page.

For instance, normal users just get a main menu page, however users with
permissions get the same main menu page, however they get an admin link in
the corner where they can get to the admin page. But i only want that link
displayed if they have permissions

Thanks for the help

--
Mark

Hi Mark,

1- in the web.config add the following segment:
<location path="SecureFolder">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admins"/>
</authorization>
</system.web>
</location>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfAllow.asp
2- In the global.ascx authenticate the user against the LDAP
3- Createa custom principle (or choose any of the other authentication
methods)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht04.asp

4- Modify the global.ascx to assign the Context.Current.User =
YourCustomPrincipal or a generic principel as in this sample:

http://66.129.71.130/QuickStartv20/...urity.src&file=sitemapsecurity_vb\global.asax

This should take care of both the display and security as in this sample:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

Im using ASP 2.0

As a simple demonstration i would like to do the following:

if username has permission then
response.write(secure stuff)
else
response.write("")
end if

Determining whether that user has permission is the part i want to be able
to do. For instance get a list of the users in the ContactAdmin Active
Directory group, and compare the currently logged in user to see if he is in
the list. If he is then he has permission in the above code.

I hope that makes a little more sense!

--
Mark


:

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com


:

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!

 

[Guest]

I missed the part of how to determine whether the user has permission.

1) Set the security of the web app in IIS to “Integrated Windows
Authenticationâ€
2) In the global.ascx, retrieve the userID from the Context.User.Identity.Name
3) Search the Active Directory for the user's information
http://support.microsoft.com/default.aspx?scid=kb;en-us;326340

Notice that you need to query the directory using a hard-coded user id and
password if you are on Win 2K or to turn on Kerberos authentication if you
are on win server 2003
http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx


--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

Im using ASP 2.0

As a simple demonstration i would like to do the following:

if username has permission then
response.write(secure stuff)
else
response.write("")
end if

Determining whether that user has permission is the part i want to be able
to do. For instance get a list of the users in the ContactAdmin Active
Directory group, and compare the currently logged in user to see if he is in
the list. If he is then he has permission in the above code.

I hope that makes a little more sense!

--
Mark

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!

 

[Guest]

Thank you very much for the help Philip, i have got it all sorted and working
now!

Regards

--
Mark

I missed the part of how to determine whether the user has permission.

1) Set the security of the web app in IIS to “Integrated Windows
Authenticationâ€
2) In the global.ascx, retrieve the userID from the Context.User.Identity.Name
3) Search the Active Directory for the user's information
http://support.microsoft.com/default.aspx?scid=kb;en-us;326340

Notice that you need to query the directory using a hard-coded user id and
password if you are on Win 2K or to turn on Kerberos authentication if you
are on win server 2003
http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx


--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

Im using ASP 2.0

As a simple demonstration i would like to do the following:

if username has permission then
response.write(secure stuff)
else
response.write("")
end if

Determining whether that user has permission is the part i want to be able
to do. For instance get a list of the users in the ContactAdmin Active
Directory group, and compare the currently logged in user to see if he is in
the list. If he is then he has permission in the above code.

I hope that makes a little more sense!

--
Mark

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com


:

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!

 

[Guest]

You are quite welcome, Mark. It is a pleasure to see the information I have
on a topic being of help to others.

Regards,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

Thank you very much for the help Philip, i have got it all sorted and working
now!

Regards

--
Mark

I missed the part of how to determine whether the user has permission.

1) Set the security of the web app in IIS to “Integrated Windows
Authenticationâ€
2) In the global.ascx, retrieve the userID from the Context.User.Identity.Name
3) Search the Active Directory for the user's information
http://support.microsoft.com/default.aspx?scid=kb;en-us;326340

Notice that you need to query the directory using a hard-coded user id and
password if you are on Win 2K or to turn on Kerberos authentication if you
are on win server 2003
http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx


--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com

Im using ASP 2.0

As a simple demonstration i would like to do the following:

if username has permission then
response.write(secure stuff)
else
response.write("")
end if

Determining whether that user has permission is the part i want to be able
to do. For instance get a list of the users in the ContactAdmin Active
Directory group, and compare the currently logged in user to see if he is in
the list. If he is then he has permission in the above code.

I hope that makes a little more sense!

--
Mark


:

It depends on how you implement your menu. Are you planning to use the
ASP.NET 2.0 navigation objects or regular ASP.NET 1.x techniques?

For ASP.NET 2.0 you may read this article from the QuickStart Tutorials:
http://66.129.71.130/QuickStartv20/aspnet/doc/navigation/sitenavapi.aspx#security
The Personal Web Site Starter Kit is a good demonstration. You can create
one by selecting File->new->Website->Personal Web Site Starter Kit.

In one implementation using ASP.NET 1.x I had the menu entries saved in a
database (where each record stores the roles to which this menu item is
available). There are 2 aspects to handle: 1) the display of the menu item,
2) the access authority to the folder or file where the menu item is linked.

--
[note: if this post answers your question, you can mark it as an answer
using the web-based newsreader functions]
-----
HTH,
Phillip Williams
http://www.societopia.net
http://www.webswapp.com


:

How would i go about using windows authentication to determine whether
someone was in a active directory group, and if they were the page would
display something different.

For instance, when someone goes to my default.asp page, only people within
the "ContactAdmins" group would see the admin links, and other people would
not!

Please help me!