ASP.NET MVC身份验证在会话中存储Active Directory组

Question

I am currently working on an external web application. I am starting to work on the security. For example this is a course registration system, and there are admins, students, and instructors. Only the admins should be able to add instructors so I need to lock that part down. I have figured out how to authenticate with active directory and bring back the users profile. My thought was to store the users Active Directory groups in a session and use that to determine what the user can see. My problem is I can't seem to figure out how to store the AD group in the session. For instance let's say the admin is in a group called SYSTEM-ADMIN. How do I put that in a session to use it for securing my site. I have never had to do this before and can't seem to find much on how to add things like this to a session. I believe it would involve using the group to give the user a particular role and store the role in a session? Any help/resources would be appreciated. Thanks.

Answer 1

I needed to do a few different things then I expected First create an enum:

public enum Role
{
                Admin,
                Teacher,
                Student
}

Create a class:

public class SessionObject
{
                public Role UserRole { get; set; }
}

Create the session object and set the Role property, then assign that to the session:

SessionObject oSessionObject = new SessionObject { Role = Role.Admin };
Session[“SessionObject”] = oSessionObject;

if (Session[“SessionObject”] != null)
{
                vm.SessionObject = ((SessionObject) Session[“SessionObject”]);
}

Then you just check the vm.SessionObject.Role to see what role the user is.