2

I am at the beginning of writing an ASP.NET MVC application that will use Active Directory authentication.

I don't want the users to have to log in; I want the ability to authenticate the user from their domain credentials and assign them roles.

I want to be able to assign roles to AD Users and AD groups using some kind of Admin views.

Are there any resources that deal with this?

Most importantly I want to be able to link the domain credentials with a User table in my application (it is essentially a Helpdesk Ticket application). How can I successfully link a user in my application DB to a Windows Authenticated account?

Thanks

Please ask for clarification if this does not make sense.

MVC 4 Intranet Authentication with Custom Roles

This seems to be a good resource, but any advice would be great.

3
  • 1
    you can select Windows Authentication when creating the project, it'll handle about all of that for you Commented Apr 22, 2014 at 19:24
  • 1
    @Jonesy How do I link an AD account to a users table in my admin area? How do I create and manage roles using this method? All that it seems to do by default is allow you to display a username Commented Apr 22, 2014 at 19:39
  • @ASPNETMVC-Newbie: roles are created in AD and users are assigned to roles in AD. Linking to custom tables is possible with HttpContext.Current.User.Identity.Name which gives you the name of authenticated user. Commented Apr 22, 2014 at 19:44

1 Answer

3

Windows Authentication will verify the user exists on the AD. If you want to verify they exist in your user table, you can use a CustomAttribute (I'm using the EntityFramework):

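using System.Linq;
using System.Web;
using System.Web.Mvc;

public class AuthorizeDB : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Require an authenticated identity first; the base check also honours Users/Roles.
        if (httpContext == null || !base.AuthorizeCore(httpContext))
            return false;

        // With Windows Authentication the name arrives as Domain\Username.
        var name = httpContext.User.Identity.Name;

        // MVC can reuse filter attribute instances across requests and a DbContext is
        // not thread-safe, so create and dispose one per check instead of holding a field.
        using (var db = new ProjectDB())
        {
            return db.Users.Any(u => u.UserName == name);
        }
    }
}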

and decorate your classes with [AuthorizeDB] or set it for the entire application. The User.Identity.Name will come in as Domain\Username.

If you're using custom Roles within your application, it should be about the same as any other type of authentication. Link a user with a role and then validate the roles they are in.
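As an added example (not code from the answer above), one way to resolve application roles from grants made to either an AD account or an AD group, which is what the question's admin views would maintain. `RoleGrant`, `AppRoleResolver`, the `CONTOSO` names and the sample grants are hypothetical; in the real application the grants would come from the application database.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical row of an app-owned table: AD account or AD group -> application role.
public sealed class RoleGrant
{
    public string Principal { get; set; }  // "DOMAIN\user" or "DOMAIN\Group"
    public bool IsGroup { get; set; }
    public string Role { get; set; }
}

public static class AppRoleResolver
{
    // Returns the application roles granted to an authenticated principal.
    public static ISet<string> Resolve(IPrincipal user, IEnumerable<RoleGrant> grants)
    {
        var roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return roles; // no identity, no roles

        foreach (var g in grants)
        {
            // Group grants defer to IsInRole, which WindowsPrincipal answers from the groups
            // in the user's Windows token; account grants compare DOMAIN\user ignoring case.
            bool match = g.IsGroup
                ? user.IsInRole(g.Principal)
                : string.Equals(user.Identity.Name, g.Principal, StringComparison.OrdinalIgnoreCase);
            if (match) roles.Add(g.Role);
        }
        return roles;
    }

    public static void Main()
    {
        // Constructed sample data; GenericPrincipal stands in for the WindowsPrincipal
        // that Windows Authentication places in HttpContext.User.
        var grants = new[]
        {
            new RoleGrant { Principal = @"CONTOSO\Helpdesk", IsGroup = true, Role = "Technician" },
            new RoleGrant { Principal = @"CONTOSO\alice", IsGroup = false, Role = "Admin" },
        };
        var alice = new GenericPrincipal(new GenericIdentity(@"contoso\Alice"), new[] { @"CONTOSO\Helpdesk" });
        var bob = new GenericPrincipal(new GenericIdentity(@"CONTOSO\bob"), new string[0]);
        Console.WriteLine("alice: " + string.Join(",", Resolve(alice, grants).OrderBy(r => r)));
        Console.WriteLine("bob: " + string.Join(",", Resolve(bob, grants).OrderBy(r => r)));
    }
}
```

A user with no matching grant gets an empty role set, so an attribute built on this resolver denies by default.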
