How do I authenticate against an Active Directory group in ASP.NET Core application without log in?
Question
I'm currently building an intranet application and am now looking to lock it down to members of a particular Active Directory group and if the user is not a member of this group, an error page is returned.
I'm using ASP.NET Core with Razor Pages and the information I've found thus far appears to be fragmented. The AD being used is on premises and not with Azure.
Thanks.
1 answers
solution1
1 ACCPTED 2019-03-23 10:52:04
Basically you could use IIS or Http.sys for that -> https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.2&tabs=visual-studio
In case of IIS usage and if you want to give access to a single AD group for whole application you could just enable windows authentication and add the following into web.config:
<authorization>
<deny users="?"/>
<allow roles="YourDomain\YourAdGroup" />
<deny users="*" />
</authorization>
If you wish to have different groups for different controller actions please look at this post ASP.NET Core Authorize AD Groups through web.config
Cheers.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.