
How to detect Active Directory user on ASP.NET page

I have a web application which is largely a content system - that is, it displays help for another system. It doesn't matter who views it. However, there is a list of users I would like to display, and also provide a way to edit the list. On that one page I want to detect the user's Active Directory information, and if the user is in the list of users authorized to change the data, then display an edit icon button to provide a means of editing some element. I do not need nor want Windows Authentication determining whether the user can get to the page, only to discover the user's logon creds.

In short, I want this:

// Get the user's creds
// Is user a page editor?
if (IsPageEditor(UserCreds))
{
    // put icon buttons for editing 
}
else
{
    // don't put icon button there
}

First of course is, getting the user credentials. I should add that this will all be on a private company intranet, and every user will be signed into the network.

To get the current logged in user you need to call WindowsIdentity.GetCurrent();

From there you can do a lot of things depending on your requirement: get the user's groups, get OU information, etc. For a full AD wrapper I have a full article here

http://macaalay.com/2010/06/28/active-directory-c/

I do not need nor want Windows Authentication determining whether the user can get to the page, only to discover the user's logon creds.

Why not? Windows Authentication is the obvious, secure way to discover the Windows identity of the connected user.

Any other mechanism is insecure, i.e. a user who is not authorized to edit could spoof an authorized user's identity. Using Windows Authentication doesn't preclude you from allowing any user to access the application.

My understanding of setting Windows.Authentication ON is that it will challenge the user to give user name and password before allowing to view the page

No, this isn't correct. If the server is in the same domain as the client, and the server is configured to allow all domain users to connect, there doesn't need to be a prompt to the end user.

Our trouble ticket system "knows" who we are when we access the page -- it must be getting this information from Active Directory, from the current logged in user.

Probably it is using Windows authentication. Try examining the HTTP flow between the browser and your trouble ticket system with a tool such as Fiddler: you'll probably see an authentication challenge/response.
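The editor check from the question, driven by the identity that Windows Authentication supplies to the server, as an added example that is not code from the question or the answers. The `PageEditors` helper, the `EXAMPLE\...` account and group names, and the `editButton` control mentioned in the comments are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper. In a Web Forms page it would be called with Page.User,
// e.g. editButton.Visible = PageEditors.IsPageEditor(User); in Page_Load,
// and called again in the handler that saves the edit: hiding the button
// alone does not stop a crafted postback.
public static class PageEditors
{
    // Constructed allow-list; DOMAIN\account values are placeholders.
    private static readonly HashSet<string> Editors =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            @"EXAMPLE\alice",
            @"EXAMPLE\bob"
        };

    // Placeholder AD group that also grants edit rights.
    private const string EditorGroup = @"EXAMPLE\HelpEditors";

    public static bool IsPageEditor(IPrincipal user)
    {
        // No authenticated identity means read-only access, never editor.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // Identity.Name is DOMAIN\account under Windows Authentication.
        return Editors.Contains(user.Identity.Name) || user.IsInRole(EditorGroup);
    }

    public static void Main()
    {
        // Constructed principals standing in for Page.User.
        var none = new string[0];
        var users = new IPrincipal[]
        {
            new GenericPrincipal(new GenericIdentity(@"example\Alice", "Negotiate"), none),
            new GenericPrincipal(new GenericIdentity(@"EXAMPLE\carol", "Negotiate"), new[] { EditorGroup }),
            new GenericPrincipal(new GenericIdentity(@"EXAMPLE\dave", "Negotiate"), none),
            new GenericPrincipal(new GenericIdentity(""), none) // unauthenticated
        };

        foreach (var u in users)
            Console.WriteLine("{0,-16} editor={1}", u.Identity.Name, IsPageEditor(u));
    }
}
```

The identity is taken only from the principal the server authenticated, never from a form field, cookie, or header supplied by the browser.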
