Windows Authentication in IIS - ban local users from MVC4 app
Question
We are using IIS 7-8 for our MVC4 application. The access is protected by the IIS built-in Windows Authentication. The local users (added on the server) and the users registered in the AD are able to log in. How can I exclude the local users from the ability to log in?
2 answers
solution1
0 2014-12-05 12:57:57
My suggestion would be to build the authentication based on AD Groups .
You create one or more AD Groups and add the users you want to that group(s). Then you can limit the access to your web application to those groups only.
Then in MVC you can use the Authorize attribute on your Actions, Controllers, or set it as global filter.
Basic usage
[Authorize(Roles=@"MyCompanyDomain\\company-group-name-here")]
solution2
0 2015-03-13 10:25:52
I found a solution via my MVC4 C# Code:
public static bool IsLocalUser(WindowsIdentity pIdentity)
{
// establish domain context
PrincipalContext lMachineContext = new PrincipalContext(ContextType.Machine);
// find user
UserPrincipal lMachineUser = UserPrincipal.FindByIdentity(lMachineContext, pIdentity.Name);
return lMachineUser != null;
}
In my controller, call the method and pass the identity:
if(IsLocalUser(HttpContext.User.Identity as WindowsIdentity))
{
// block and refer to error site.
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.