stackoom
  简体   繁体   中英

How to create admin roles in Active Directory and restrict pages in my application

 原文  2012-09-24 05:45:24       c#/ asp.net/ active-directory/ web-config/ roles

Question

In my application using Windows Authentication, I have been manually creating user roles/ membership stored in SQL (System.Web.Security.SqlRoleProvider enabled in web.config). 

 <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="connMembership" applicationName="/" />

But now, as I am releasing the application, I need to change to using the company's Active Directory groups 

<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName"   />

AND 

    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />

I have two questions (sorry I am really new to all this!)

1) using ActiveDirectoryMembershipProvider and WindowsTokenRoleProvider now in my web.config, how do I restrict user access into different pages of the app? (ie is using Roles.IsUserInRole(username, "ADGroupName") the only way?

2) How do I create an "admin" kind of role using Active Directory? I am asking because before (when still using SqlRoleProvider) I was able to create for myself an Admin group to add myself to in SQL which has access to all pages/functionalities 

i.e Roles.AddUserToRole(userName, Admin).

But now since I am part of a restricted AD group, I don't know how to override with some form of Admin security group to add myself to.

WOuld really appreciate your advice!!

Thanks!

1 answers

solution1
 0  2012-12-04 06:26:47

This is to answer your question, if there is another way for putting restriction on the page access, yes you can from the Web.config

In the Web.Config file, you may add the following for each page: 

<authentication mode="Windows" />

<location path="MyPage1.aspx">
    <system.web>
      <authorization>
        <allow roles="ActiveDirectoryRoleName" />
        <allow users="DOMAIN\USER1, DOMAIN\USER2" />
        <deny users="*" />
      </authorization>
    </system.web>
</location>

Or if you want to put the restriction globally for the website, then: 

<authentication mode="Windows" />

<authorization>
    <allow roles="ActiveDirectoryRoleName" />
<allow users="DOMAIN\USER1, DOMAIN\USER2" />
    <deny users="*" />
</authorization>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to restrict other active directory user in multi tenant application How to restrict access to a folder to a specific active directory group in an Asp.Net WebForms application? Assign Roles to Directory Pages in Membership and Roles Active Directory Roles - .net core `[Authorize(Roles = “admin”)]` Infinite loop ASP.NET MVC and Azure Active Directory B2C Restrict Admin Pages to Admin Users only Active Directory Admin group How to create two roles in a MVC application How to query Active Directory B if application server is in Active Directory A How to create a Folder and read write restrict it, so that it could be open through my application only?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM