ASP .NET MVC Forms authorization with Active Directory groups

by

So I ended up implementing my own authorize attribute and using that:

namespace Application.Filters
{  
   public class AuthorizeADAttribute : AuthorizeAttribute
   {
      public string Groups { get; set; }

      protected override bool AuthorizeCore(HttpContextBase httpContext)
      {
         if (base.AuthorizeCore(httpContext))
         {
            /* Return true immediately if the authorization is not 
            locked down to any particular AD group */
            if (String.IsNullOrEmpty(Groups))
               return true;

            // Get the AD groups
            var groups = Groups.Split(',').ToList<string>();

            // Verify that the user is in the given AD group (if any)
            var context = new PrincipalContext(ContextType.Domain, "server");
            var userPrincipal = UserPrincipal.FindByIdentity(context, 
                                                 IdentityType.SamAccountName,
                                                 httpContext.User.Identity.Name);

            foreach (var group in groups)
               if (userPrincipal.IsMemberOf(context, IdentityType.Name, group))
                  return true;
         }
         return false;
      }
   }
}

And then I can simply use the following above controllers or functions

Using Application.Filters;
...
[AuthorizeAD(Groups = "groupname")]

NB: You could simply use new PrincipalContext(ContextType.Domain); however there is a bug in .NET 4.0 that throws a (0x80005000) error at userPrincpal.IsMemberOf(...). See here for details.

If you would like to know how to redirect to another page based on failed authorization, check my answer here: Adding an error message to the view model based on controller attribute in ASP.NET MVC

More Related Contents:

  1. Html.Partial vs Html.RenderPartial & Html.Action vs Html.RenderAction
  2. How can I get my webapp’s base URL in ASP.NET MVC?
  3. New asp.net charting controls – will they work with MVC (eventually)?
  4. How to convert View Model into JSON object in ASP.NET MVC?
  5. MVC4 HTTP Error 403.14 – Forbidden
  6. ASP.NET MVC – Find Absolute Path to the App_Data folder from Controller
  7. Windows update caused MVC3 and MVC4 stop working
  8. Parser Error Message: Could not load type ‘TestMvcApplication.MvcApplication’
  9. How to change default view location scheme in ASP.NET MVC?
  10. Create virtual directory on same azure web app
  11. Cannot attach the file *.mdf as database
  12. How to create a CheckBoxListFor extension method in ASP.NET MVC?
  13. Retrieve the current view name in ASP.NET MVC?
  14. Where and how is the _ViewStart.cshtml layout file linked?
  15. Connection string using Windows Authentication
  16. .NET MVC Call method on different controller
  17. Can’t find ADO.net Entity Data Model template in VS2017
  18. What does Html.HiddenFor do?
  19. ASP.NET MVC security patch to version 3.0.0.1 breaks build [duplicate]
  20. User Group and Role Management in .NET with Active Directory
  21. What’s the difference between RouteLink and ActionLink in ASP.NET MVC?
  22. System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred
  23. How do I improve ASP.NET MVC application performance?
  24. Could not load file or assembly ‘Antlr3.Runtime (1)’ or one of its dependencies
  25. How to send an email with attachments using SmtpClient.SendAsync?
  26. The model backing the ‘ApplicationDbContext’ context has changed since the database was created
  27. How do I solve an AntiForgeryToken exception that occurs after an iisreset in my ASP.Net MVC app?
  28. How to Convert Row to Column in Linq and SQL
  29. Integrate existing ASP.NET MVC application with Orchard CMS
  30. How can I force a hard refresh (ctrl+F5)?

Leave a Comment