Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Best Practices web application security , HELP PLS! 1

Status
Not open for further replies.

peac3

Technical User
Jan 17, 2009
226
AU
Hi Guys,

Just trying to get the idea how is the best to apply the web application security.

At the moment, we store the individual user and the role into one table. The way it works is we get the user credential from .net code and pass it to sql and check for the role is equal admin.

Because we're getting more and more user and our table is getting more record we're trying to introduce those user into Active directory group and we store the AD group instead of the member and role into the table.

The problem is how the c# code search what AD group that the member belongs to?

Any input will be much appreciated.

Thanks guys,
 
Hi,
I have used this in the .cs page on load to print to a label all the ad groups the user belongs to.
Is the below what you want ?

//// DEBUG CODE gets each of the logged on user's groups
// gets current user
WindowsIdentity user = WindowsIdentity.GetCurrent();

// gets user's group
IdentityReferenceCollection userGroups = user.Groups;
StringBuilder sb = new StringBuilder();

//goes through the groups and puts each group name in to a string.
foreach (System.Security.Principal.IdentityReference group in userGroups)
{
IdentityReference translated = group.Translate(typeof(NTAccount));
sb.Append(translated.ToString() + "<br />");
}

string name = User.Identity.Name;
lblName.Text = name + ", " + sb.ToString();

Regards
Jacqui.
 
Sorry, realised I could be a bit more help.

That was debug code.
The code I use in my production is a little more help to your end result.

string group = "AD Group to check"

bool userisinrole = false;

if (User.IsInRole(group.Trim()))
userisinrole = true;

if (!userisinrole)
{
Response.Redirect("error.aspx");
}

Hope the combination of the two posts gives you what you want.
Jacqui.
 
Brilliant!

Thanks Jacqui1811
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top