Best Practices web application security , HELP PLS! 1

[peac3]

Hi Guys,

Just trying to get the idea how is the best to apply the web application security.

At the moment, we store the individual user and the role into one table. The way it works is we get the user credential from .net code and pass it to sql and check for the role is equal admin.

Because we're getting more and more user and our table is getting more record we're trying to introduce those user into Active directory group and we store the AD group instead of the member and role into the table.

The problem is how the c# code search what AD group that the member belongs to?

Any input will be much appreciated.

Thanks guys,

 

[Jacqui1811]

Hi,
I have used this in the .cs page on load to print to a label all the ad groups the user belongs to.
Is the below what you want ?

//// DEBUG CODE gets each of the logged on user's groups
// gets current user
WindowsIdentity user = WindowsIdentity.GetCurrent();

// gets user's group
IdentityReferenceCollection userGroups = user.Groups;
StringBuilder sb = new StringBuilder();

//goes through the groups and puts each group name in to a string.
foreach (System.Security.Principal.IdentityReference group in userGroups)
{
IdentityReference translated = group.Translate(typeof(NTAccount));
sb.Append(translated.ToString() + "<br />");
}

string name = User.Identity.Name;
lblName.Text = name + ", " + sb.ToString();

Regards
Jacqui.

 

[Jacqui1811]

Sorry, realised I could be a bit more help.

That was debug code.
The code I use in my production is a little more help to your end result.

string group = "AD Group to check"

bool userisinrole = false;

if (User.IsInRole(group.Trim()))
userisinrole = true;

if (!userisinrole)
{
Response.Redirect("error.aspx");
}

Hope the combination of the two posts gives you what you want.
Jacqui.

 

[peac3]

Brilliant!

Thanks Jacqui1811